retrieve secrets from vault

skabbass1 · Oct 14, 2018 · 48c108d · 48c108d
1 parent 7546eb0
commit 48c108d
Show file tree

Hide file tree

Showing 8 changed files with 134 additions and 192 deletions.
diff --git a/lib/spendthrift.rb b/lib/spendthrift.rb
@@ -4,3 +4,4 @@
 require 'spendthrift/reporting'
 require 'spendthrift/mailer'
 require 'spendthrift/db'
+require 'spendthrift/secrets'
diff --git a/lib/spendthrift/db.rb b/lib/spendthrift/db.rb
@@ -10,8 +10,14 @@ module DynamoDB
 
 
     def self.load_report(report)
+      secrets = (Spendthrift::Secrets.get_secrets)[:aws]
 
-      dynamodb = Aws::DynamoDB::Client.new
+      Aws.config.update({
+        credentials: Aws::Credentials.new(secrets[:AWS_ACCESS_KEY_ID], secrets[:AWS_SECRET_ACCESS_KEY]),
+        region: secrets[:AWS_DEFAULT_REGION],
+      })
+
+      dynamodb = Aws::DynamoDB::Client.new()
 
       report.each do |key, value|
         params = {

diff --git a/lib/spendthrift/mailer.rb b/lib/spendthrift/mailer.rb
@@ -3,11 +3,12 @@
 module Spendthrift
   module Mailer
     def self.send_mail(content:, subject:)
-      RestClient.post "https://api:#{ENV.fetch('MAILGUN_API_KEY')}"\
-          "@api.mailgun.net/v3/#{ENV.fetch('MAILGUN_DOMAIN_NAME')}/messages",
-         :from => "Syed Abbas <mailgun@#{ENV.fetch('MAILGUN_DOMAIN_NAME')}.mailgun.org>",
-          :to => ENV.fetch("MAILGUN_RECIPIENTS"),
-       :subject => subject,
+      secrets = (Spendthrift::Secrets.get_secrets)[:app]
+      RestClient.post "https://api:#{secrets[:MAILGUN_API_KEY]}"\
+        "@api.mailgun.net/v3/#{secrets[:MAILGUN_DOMAIN_NAME]}/messages",
+        :from => "Syed Abbas <mailgun@#{secrets[:MAILGUN_DOMAIN_NAME]}.mailgun.org>",
+        :to => secrets[:MAILGUN_RECIPIENTS],
+        :subject => subject,
         :html => content
     end
   end

diff --git a/lib/spendthrift/plaid_client.rb b/lib/spendthrift/plaid_client.rb
@@ -6,13 +6,10 @@ module Spendthrift
 
   module PlaidGateway
 
-    class CredentialsError < StandardError
+    class VaultError < StandardError
     end
 
 
-    class AccountAccessTokensError < StandardError
-    end
-
     class AccountTypeError < StandardError
     end
 
@@ -23,15 +20,13 @@ class PlaidClient
 
 
       def initialize
+          secrets  = load_secrets_from_vault
+          @raw_client = Plaid::Client.new(env: :development,
+                                          client_id: secrets[:PLAID_CLIENT_ID],
+                                          secret: secrets[:PLAID_SECRET],
+                                          public_key: secrets[:PLAID_PUBLIC_KEY])
 
-
-        client_id, secret, public_key = load_credentials_from_env
-        @raw_client = Plaid::Client.new(env: :development,
-                                        client_id: client_id,
-                                        secret: secret,
-                                        public_key: public_key)
-
-        @access_tokens = load_access_tokens_from_env
+          @access_tokens = secrets[:PLAID_ACCESS_TOKENS].split ':'
 
       end
 
@@ -61,7 +56,6 @@ def get_credit_card_accounts
         get_accounts_by_type 'credit', 'credit card'
       end
 
-
       def get_savings_accounts
         get_accounts_by_type 'depository', 'savings'
       end
@@ -75,30 +69,16 @@ def get_checking_accounts
       private
 
 
-      def load_credentials_from_env
-        credentials = ENV['PLAID_CLIENT_ID'], ENV['PLAID_SECRET'], ENV['PLAID_PUBLIC_KEY']
-        if credentials.any? {|c| c.nil?}
-          raise CredentialsError.new(
-              'PLAID_CLIENT_ID, PLAID_SECRET and PLAID_PUBLIC_KEY must be set as environment variables'
-          )
-        end
-
-        credentials
-
-      end
-
-
-      def load_access_tokens_from_env
-        if ENV.has_key? 'PLAID_ACCESS_TOKENS'
-          ENV['PLAID_ACCESS_TOKENS'].split ':'
-        else
-          raise AccountAccessTokensError.new(
-              'Account access tokens must be set in the PLAID_ACCESS_TOKENS environment variable'
+      def load_secrets_from_vault
+        secrets = (Spendthrift::Secrets.get_secrets)[:app]
+        if secrets.nil?
+          raise VaultError.new(
+            'app secrets not found in vault'
           )
         end
+        secrets
       end
 
-
       def get_accounts_by_type(type, subtype)
         @access_tokens.map do |token|
           response = @raw_client.accounts.get token

diff --git a/lib/spendthrift/secrets.rb b/lib/spendthrift/secrets.rb
@@ -0,0 +1,36 @@
+require "json"
+require "rest-client"
+
+module Spendthrift
+
+  module Secrets
+
+    VAULT_LOCATION = "http://127.0.0.1:8200/v1/secret/"
+
+    def self.get_secrets
+      app = get_secrets_at_path(app_secrets_path)
+      aws = get_secrets_at_path(aws_secrets_path)
+      {app: app[:data], aws: aws[:data]}
+
+    end
+
+    private
+
+    def self.get_secrets_at_path(path)
+      response = RestClient.get(
+        path,
+        headers={"X-Vault-Token" => ENV["VAULT_TOKEN"],
+                 "content-type" => "application/json" }
+      )
+      JSON.parse(response.body, :symbolize_names=>true)
+    end
+
+    def self.aws_secrets_path
+      "#{VAULT_LOCATION}/aws"
+    end
+
+    def self.app_secrets_path
+      "#{VAULT_LOCATION}/spendthrift"
+    end
+  end
+end