vault-cli

#!/usr/bin/env ruby

require 'vault'
require 'yaml'

def usage
  me = File.basename($0)
  puts <<-EOF.gsub(/\t/, '  ')

Usage: #{me} tree|read|add|write|delete path/to/key [key1:value1 [key2:value2 ...]]

Examples:
  #{me} tree secrets/
  #{me} write secrets/mykey key:xyz
  #{me} add secrets/mykey other_key:abc
  #{me} read secrets/mykey
  #{me} delete secrets/mykey

  EOF
end

unless command = ARGV.shift
  usage
  exit 0
end

unless path = ARGV.shift
  usage
  exit 1
end

def args_to_hash(args)
  result = {}
  args.each do |item|
    key, value = item.split(/:/)
    key ||= value
    result[key] = value
  end

  return result
end

def read(vault, item, parent = '')
  me = File.join(parent, item)
  if result = vault.logical.read(me)
    return result.data
  else
    return nil
  end
end

def list(vault, item, parent = '')
  me = File.join(parent, item)
  vault.logical.list(me)
end
def list_recursive(vault, path, parent = '')
  me = File.join(parent, path)
  result = list(vault, me).inject({}) do |hash, item|
    case item
    when /.*\/$/
      hash[item.gsub(/\/$/, '').to_sym] = list_recursive(vault, item, me) 
    else
      hash[item.to_sym] = read(vault, item, me)
    end
    hash
  end
  result
end

def delete(vault, path)
  vault.logical.delete(path)
end

def write(vault, path, params = {})
  vault.logical.write(path, params)
end

def print(header, content, footer = nil)
  puts header
  if content
    puts content.to_yaml
  else
    puts "*nothing*"
  end

  puts footer if footer
end

vault = Vault::Client.new
case command
when 'tree'
  print "Recursive content of #{path}:", list_recursive(vault, path)
  exit 0
when 'delete'
  delete(vault, path)
when 'read'
when 'write'
  params = args_to_hash(ARGV)
  write(vault, path, params)
when 'add'
  params = args_to_hash(ARGV)
  params.merge!(read(vault, path) || {})
  write(vault, path, params)
else
  usage
  exit 1
end

print "Content of #{path}:", read(vault, path)