= Barberousse - Remote Secrets Editor :toc: :toc-title: image:https://gist.githubusercontent.com/zeapo/2afd80cabc820156fd34f5888f207202/raw/d90618f2cc72fb62436303caba1a46c0282ca87a/barblogo.svg[width=120,align=center] == About image:https://github.com/zeapo/barberousse/workflows/build/badge.svg[] A project aimed to avoid downloading secrets from remote providers (support only AWS Secret Manager for the moment). Opens an editor with the content of the secret readily editable, upon save & exit, the secret is automatically uploaded and a new version created remotely. This way, no need to use common bad-practices such as versionning secrets in a VCS or worst, storing them on your machine and sending them via slack :) NOTE: This project is at its earliest stage a project can be, i.e. a proof of concept that might or not develop into a full fledged project. == Usage === Options Just like awscli, you can customize the profile and region to use: .... OPTIONS: -P, --profile Use a specific aws profile, overrides config and env settings -R, --region The region where the secret is, overrides config and env settings .... These are global options, and can be set anywhere in the command. === Printing Cat your secret in a nice format into stdout By default the remote secret is read as a json secret and printed in yaml for ease of read. However, you can customize this behavior to your choosing by passing the *print format* defining how you want your secrets to be formatted, and *secret format* defining the format of the remote secret. .... ARGS: The id of the secret to print FLAGS: -n, --no-color Do not color the output, this behavior is the same as when piping to another program OPTIONS: -p, --print-format The format used to print the secret, if the secret's format is `text`, this will be ignored and defaults to `text` too [default: yaml] [possible values: json, yaml, text] -s, --secret-format The format of the secret's remote storage [default: json] [possible values: json, yaml, text] .... The output is pretty-printed, and color highlighted by default. Disable that by using `--print-format=text` * YAML output (default) ❯❯❯ barberousse cat /test/file --print-format yaml 1 │ --- 2 │ a: secret 3 │ another: secret value * JSON output ❯❯❯ barberousse cat /test/file --print-format json 1 │ { 2 │ "a": "secret", 3 │ "another": "secret value" 4 │ } * JSON output piped to `jq` ❯❯❯ barberousse cat /test/file --print-format json | jq -r '.a' secret How it may look like on your terminal: image:https://gist.githubusercontent.com/zeapo/dc584b68baa0e735670ad87b4754debe/raw/227c8de2a054dd844d67b01893bc954aca951157/barbcat.svg[] === Editing Allows you to edit a remote secret without saving it on disk (a temp file is created though... a more secure way to handle temp files will come in the future, see #3). You can use different formats to edit your secret (json, yaml, plain text). .... ARGS: The id of the secret to edit OPTIONS: -e, --edit-format The format used to edit the secret, if the secret's format is `text`, this will be ignored and defaults to `text` too [default: yaml] [possible values: json, yaml, text] -s, --secret-format The format of the secret's remote storage [default: json] [possible values: json, yaml, text] --editor Override the default editor, $EDITOR, used for editing the secret .... * To edit in YAML a JSON secret (default): ❯❯❯ barberousse edit /test/file --edit-format yaml --secret-format json * To edit in JSON a JSON secret: ❯❯❯ barberousse edit /test/file --edit-format json --secret-format json How it may look like on your terminal: image:https://gist.githubusercontent.com/zeapo/e6e468331bfb3d2785237a93d782685d/raw/f652a19d1e86e96453bac4593055041516ea08f6/barbedit.svg[] === Copying By copying a secret, you can customize them for different usage. Use this feature wisely as it may lead to re-using the secrets and this is not a good practice. .... ARGS: The id of the secret to copy The id of the secret to create OPTIONS: -e, --edit-format The format used to edit the secret, if the secret's format is `text`, this will be ignored and defaults to `text` too [default: yaml] [possible values: json, yaml, text] -s, --secret-format The format of the secret's remote storage [default: json] [possible values: json, yaml, text] --editor Override the default editor, $EDITOR, used for editing the secret --target-region Use a different region for the target secret .... * To copy a JSON secret and edit it in YAML (default): ❯❯❯ barberousse copy /test/file /test/file2 * To copy a secret from one region to another: ❯❯❯ barberousse copy /test/file /test/file2 --region eu-west-1 --target-region eu-west-3 == RoadMap === 1.0 We're almost there! * [x] General ** [x] Support selecting profiles and regions (env variables are supported though) * [x] Editing ** [x] Edit JSON, YAML, text ** [x] Edit JSON using YAML (default behavior) ** [x] Edit using ** [x] Create a secret if not exist ** [x] Custom editor selection, pass `--editor` * [x] Printing ** [x] Cat the content of a secret in one or many other formats * [x] Copy ** [x] Duplicate a secret (and open an editor before saving the copy) ** [x] Support cross region === 1.1 Some extra features to edit non-content info. This should be more an interactive process overall otherwise it would not make sense to have them as the aws cli already provides a good api to do exactly that. * Edit secret's metadata (description and KMS key): replaces the `update-secret --description "" --kms-key-id ""` * Print secret's metadata === Future Open to suggestions!