-
summon-0.9.0-0.1.git13747f9.lbn25.x86_64
summon is a command-line tool to make working with secrets easier.
It provides an interface for
Reading a secrets.yml file
Fetching secrets from a trusted store
Exporting secret values to a sub-process environment
Located in
LBN
/
…
/
Core Linux
/
BastionLinux 25
-
summon-aws-secrets-0.4.0-0.1.gitc015d9b.lbn25.x86_64
Summon provider for AWS Secrets Manager
Located in
LBN
/
…
/
Core Linux
/
BastionLinux 25
-
summon-chefapi-0.1.1-0.2.git88fdef1.lbn25.x86_64
For many, Chef encrypted data bags are difficult to work with. This Summon provider allows you to use Summon + secrets.yml to improve your development workflow with encrypted data bags.
Example
Create an encrypted data bag with a PostgreSQL password.
$ knife data bag create passwords postgres --secret-file encrypted_data_bag_secret
{
"id": "postgres",
"value": "mysecretpassword"
}
Install Summon and this provider.
Create a secrets.yml file.
POSTGRES_PASSWORD: !var passwords/postgres/value
Now you can inject the password into any process as an environment variable. Instead of dealing with the Data Bag API in your Chef recipe, you can just use ENV['POSTGRES_PASSWORD'].
$ summon chef-client --once
Once chef-client finishes, the password is gone, not left on your system.
Configure
Configuration of this provider is through environment variables:
CHEF_NODE_NAME: The name of the node. (node_name in knife.rb)
CHEF_CLIENT_KEY_PATH: The location of the file that contains the client key. (client_key in knife.rb)
CHEF_SERVER_URL: The URL for the Chef server. (chef_server_url in knife.rb)
CHEF_DECRYPTION_KEY_PATH: The location of the file that contains the decryption key.
CHEF_SKIP_SSL: Skip SSL verification (for self-signed certs). Set to "1" to activate.
Located in
LBN
/
…
/
Core Linux
/
BastionLinux 25
-
summon-conjur-0.6.0-0.1.gitf48c46b.lbn25.x86_64
CyberArk Conjur provider for Summon
Located in
LBN
/
…
/
Core Linux
/
BastionLinux 25
-
summon-keyring-0.2.1-2.lbn25.noarch
Cross-platform provider for Summon that talks to keyrings.
Wraps the Python keyring library to allow summon to fetch credentials from:
OSX Keychain
Linux Secret Service
Windows Credential Vault
gnome-keyring
kwallet
This provider requires that you have Python and pip installed.
By default, this provider fetches secrets from the service "summon". Change this by setting the SUMMON_KEYRING_SERVICE environment variable.
Located in
LBN
/
…
/
Core Linux
/
BastionLinux 25
-
summon-s3-0.2.0-0.2.git42b6d99.lbn25.x86_64
AWS S3 provider for Summon.
Provides access to secrets stored in Amazon S3.
Located in
LBN
/
…
/
Core Linux
/
BastionLinux 25
-
summon-vault4summon-0.4-0.1.gitcd31ff2.lbn25.x86_64
Providers for Summon are easy to write. Given the identifier of a secret, they either return its value or an error.
There is the contract:
They take one and only one argument, the identifier of a secret (a string). The argument can also be a flag with value -v or --version. The provider must return his version on stdout.
If retrieval is successful, they return the value on stdout with exit code 0.
If an error occurs, they return an error message on stderr with a non-0 exit code.
The default path for providers is /usr/local/lib/summon/. If one provider is in that path, summon will use it. If multiple providers are in the path, you can specify which one to use with the --provider flag, or the environment variable SUMMON_PROVIDER. If your providers are placed outside the default path, give summon the full path to them.
Variable IDs are used as identifiers for fetching Secrets. These are made up of a secret name (required) and secret key path (optional).
The Vault CLI to retrieve a secret is
vault kv get -field=mysecretkeypath secret/name
This provider are 2 implemented formats for Variable ID:
secret/name#mysecretkeypath as used by AWS Secrets Manager provider
secret/name/mysecretkeypath as used by Keepass kdbx database file provider
So the two commands below return the same value
summon --provider vault4summon --yaml 'hello: !var secret/name#mysecretkeypath' printenv hello
summon --provider vault4summon --yaml 'hello: !var secret/name/mysecretkeypath' printenv hello
Located in
LBN
/
…
/
Core Linux
/
BastionLinux 25
-
git-core-doc-2.47.1-1.lbn36.noarch
Documentation files for git-core package including man pages.
Located in
LBN
/
…
/
DevOps
/
BastionLinux 36
-
python3-taiga-cli-0.3.8-1.lbn36.noarch
Taiga is project management software for cross-functional teams. Taiga has a
beautiful web interface; but to do better/quicker Scrum we've created this -
scrum on the command line; ScrumOps!!
Located in
LBN
/
…
/
Business
/
BastionLinux 36
-
python3-taiga-contrib-ldap-auth-ext-0.5-1.lbn36.noarch
Extended Taiga.io plugin for LDAP authentication. This is a fork of ensky/taiga-contrib-ldap-auth
which also retrieves the various contributions and other forks into one.
Located in
LBN
/
…
/
Business
/
BastionLinux 36
