rogerluan / arkana

Store your keys and secrets away from your source code. Designed for Android and iOS projects.

License: BSD 2-Clause "Simplified" License

Ruby 76.51% Shell 0.15% HTML 23.34%
swift android dotenv encryption gem ios kotlin ruby secrets

arkana's People

Contributors

alobaili, husseinala, jdanthinne, orta, rogerluan, scottymack

arkana's Issues

I ran arkana… what's the next step?

After I run bundle exec arkana … and the generated SwiftPM package is created, how do I use it?
Can I immediately open my Xcode project and import ArkanaKeys?
How do I include the generated SwiftPM package in my Xcode project?

I think the documentation for Arkana should include answers to all these questions.

Add more unit tests for other types of secrets

Add unit tests for "any" type of secret, such as industry well known secret generation algorithms, including handling all types of special characters.

Right now this has only been tested generating hex, base64 and uuid secrets that are 64 characters long. Examples: how about really long secrets? Non-ASCII characters? Secrets with emojis or other Unicode characters?

Point of entry: arkana_tests.swift.erb

Issues with Xcode Build Phases Script

Hi, I find arkana very useful and was able to successfully switch between different environment sets.

But when I try to integrate this to Xcode Build Phase:

tmp=${CONFIGURATION#*(}   # remove prefix ending in "("
env=${tmp%)*}   # remove suffix starting with ")"

bundle exec arkana -d ".env.${env}"

I get ERROR /Library/Ruby/Site/2.6.0/rubygems.rb:265:in `find_spec_for_exe': can't find gem bundler (>= 0.a) with executable bundle (Gem::GemNotFoundException)

Here is the output of gem environment also in Build Phase:


Showing Recent Messages
RubyGems Environment:
  - RUBYGEMS VERSION: 3.3.20
  - RUBY VERSION: 2.6.10 (2022-04-12 patchlevel 210) [universal.arm64e-darwin22]
  - INSTALLATION DIRECTORY: /System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/lib/ruby/gems/2.6.0
  - USER INSTALLATION DIRECTORY: /Users/johnny/.gem/ruby/2.6.0
  - RUBY EXECUTABLE: /System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/bin/ruby
  - GIT EXECUTABLE: /Applications/Xcode.app/Contents/Developer/usr/bin/git
  - EXECUTABLE DIRECTORY: /System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/bin
  - SPEC CACHE DIRECTORY: /Users/johnny/.gem/specs
  - SYSTEM CONFIGURATION DIRECTORY: /Library/Ruby/Site
  - RUBYGEMS PLATFORMS:
     - ruby
     - universal-darwin-22
  - GEM PATHS:
     - /System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/lib/ruby/gems/2.6.0
     - /Users/johnny/.gem/ruby/2.6.0
  - GEM CONFIGURATION:
     - :update_sources => true
     - :verbose => true
     - :backtrace => true
     - :bulk_threshold => 1000
  - REMOTE SOURCES:
     - https://rubygems.org/
  - SHELL PATH:
     - /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
     - /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/appleinternal/bin
     - /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/local/bin
     - /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/libexec
     - /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/usr/bin
     - /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/usr/appleinternal/bin
     - /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/usr/local/bin
     - /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin
     - /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/local/bin
     - /Applications/Xcode.app/Contents/Developer/usr/bin
     - /Applications/Xcode.app/Contents/Developer/usr/local/bin
     - /usr/local/bin
     - /usr/bin
     - /bin
     - /usr/sbin
     - /sbin

I'm on macOS 13.0, Xcode 14.0.

[Request] Support both Swift and ObjC

Hi there,

I've tried Arkana recently, and it seems to support only Swift.
I considered writing an Obj-C wrapper, but it's impractical since the number of Keys is dynamic, I have to update the Obj-C wrapper every time when the number of Keys changes.

So I'd like to request an improvement so that the generated code supports both Swift and ObjC.

Support monorepo projects better

Right now if someone has a monorepo project (a repo with multiple projects inside), it could be hard to coordinate when each set of secrets should be generated. Perhaps we should have 1 command to generate secrets for all the projects at once, without overriding each others' results (i.e. by specifying different destination folders)

Add hook for env var validation during generation time

This is a nice-to-have: having a hook where users of this gem can write validations to their secrets (in Ruby) during generation time. This is useful if, for instance, you'd like to check that a specific env var shouldn't contain an empty string which would cause your app to crash, or it's expected to be a boolean but it's a string, or any other type of issue that could cause problems during runtime, could be avoided during code generation time.

Add a feature to only build for a selected environment

We can build for selected flavour using
arkana --flavour snowflake

It would be nice to have a feature like
arkana --environment Production

So that we don't need to have every environment's keys in our CI and we can just load only production keys in CI and that would be enough to run Arkana on CI.

The key is getting corrupted when it contains '$'

The key is getting corrupted if it contains $.

I store APIKeyStaging="A$QEsdXNWTK0Qc+iSAl" in .env file, generate code and then I see "A+iSAl" as a decrypted value at the runtime.

Arkana v1.3.1.

Are there other special symbols that could corrupt keys?

license compatibility issue: `colorize`

Hi,

Would it be possible to replace colorize dependency with something else (rainbow or other gem)? Colorize uses GPL2 license and that may not be fully compatible with Arkana's license.

Similar issue with colorize - spree/deface#153

Thanks,

Required Ruby version

Hello, I've noticed that this tool requires Ruby 2.7+, but by default macOS and Bitrise's Xcode stack are using 2.6.x. It's not a big issue to bump it, but for most developers that don't dabble with Ruby it will be an additional stepping stone while adding Arkana to their projects. Would it be possible to lower the requirement?

Difficulty following spm setup instructions

It took me several tries and some research to figure out how to follow the spm setup instructions

Step 1 may be a bit confusing to people as the default hierarchy is ArkanaKeys > ArkanaKeys. The instructions say to select the ArkanaKeys folder, without being specific for which one (it is of course the inner one).

Step 3 was hard to follow because there appears to be an issue that your local package you added above does not show up in the list to choose from unless you quit and reload Xcode.

Don't generate unnecessary extensions

If you do not have any keys for global_secrets it still generates an unnecessary extension like:

public extension ArkanaKeys {
    struct Global: ArkanaKeysGlobalProtocol {
        public init() {}
    }
}

I presume likewise that if you had no environment_secrets it would also generate similar empty extensions.

You shouldn't generate these useless blocks of code if there are no keys.

Number string is converted to int

When I define a variable in my .env file like this:

MyVar = "0001"

This will be translated by arkana into an integer with the trailing zeros being removed.

@inline(__always)
public let myVar: Int = {
    let encoded: [UInt8] = [
        0xa8, 0x5, 0x7, 0xf1
    ]
    return ArkanaKeys.decode(encoded: encoded, cipher: ArkanaKeys.salt)
}()

What I need however is to have the exact same string "0001" when I access myVar in the code. Is this a bug or is there a way to force parsing as string?
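
A pre-generation check covering three of the reports above (the `$` corruption, the empty-string validation idea, and the "0001" value), as an added example that is not part of Arkana and not from any of the posters. It assumes the .env file is read by a dotenv-style loader that expands `$NAME` and `${NAME}` in unquoted and double-quoted values but not in single-quoted ones; `lint_env` and the rule names are hypothetical.

```ruby
# Added example, not Arkana code: lint .env text before running the generator.
# Assumption: the loader expands $NAME / ${NAME} outside single quotes (dotenv-style).
DOLLAR_REF = /(?<!\\)\$\{?[A-Za-z_]/

# Returns [[line_number, key, rule], ...] for values likely to change or break.
def lint_env(text)
  findings = []
  text.each_line.with_index(1) do |raw, lineno|
    line = raw.strip.sub(/\Aexport\s+/, "")
    next if line.empty? || line.start_with?("#")

    key, value = line.split("=", 2).map(&:strip)
    if value.nil?
      findings << [lineno, key, :missing_equals]
      next
    end

    single_quoted = value.length >= 2 && value.start_with?("'") && value.end_with?("'")
    inner = value.sub(/\A["']/, "").sub(/["']\z/, "")

    # An empty secret usually only fails later, at runtime.
    findings << [lineno, key, :empty_value] if inner.empty?
    # An unescaped $NAME would be substituted (often with "") before generation.
    findings << [lineno, key, :dollar_expansion] if !single_quoted && inner.match?(DOLLAR_REF)
    # Digits with a leading zero lose information if emitted as an integer.
    findings << [lineno, key, :leading_zero_number] if inner.match?(/\A0\d+\z/)
  end
  findings
end

# Constructed sample input; the first and third lines mirror the reports above.
SAMPLE_ENV = <<~'ENV'
  APIKeyStaging="A$QEsdXNWTK0Qc+iSAl"
  APIKeySafe='A$QEsdXNWTK0Qc+iSAl'
  MyVar = "0001"
  FeatureFlag=""
  # a comment line
  Plain=abc123
ENV

if __FILE__ == $PROGRAM_NAME
  lint_env(SAMPLE_ENV).each { |lineno, key, rule| warn "line #{lineno}: #{key}: #{rule}" }
end
```

Under the stated assumption, single-quoting the value or escaping the dollar sign as `\$` clears the `dollar_expansion` finding.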

Arkana fails on CI due to .env file missing, even when env vars are all present in CI

Discussed in #32

Originally posted by mishaherasimov March 17, 2023
I'm currently trying to build a pipeline that creates keys before building the project.
I've imported all keys as environmental variables of the project.

Given these conditions, Arkana fails to generate an SPM package because .env is added to .gitignore.
What would be the correct way to configure Arkana?

CI Environment: Circle CI

Missing package product 'ArkanaKeys' (arkana 1.5.0)

Hello,

I have reset the SPM cache and resolved everything from scratch. I get this error shown:

Missing package product 'ArkanaKeys'

I have updated it via bundler already:

> bundler update
Fetching gem metadata from https://rubygems.org/........
Resolving dependencies...
Fetching rake 13.1.0 (was 13.0.6)
Installing rake 13.1.0 (was 13.0.6)
Using rexml 3.2.6
Fetching public_suffix 5.0.4 (was 5.0.3)
Using rainbow 3.1.1
Using artifactory 3.0.15
Using atomos 0.1.3
Using bundler 2.4.14
Fetching yaml 0.3.0 (was 0.2.1)
Using dotenv 2.8.1
Using jmespath 1.6.2
Fetching aws-partitions 1.853.0 (was 1.828.0)
Using colored2 3.1.2
Using babosa 1.0.4
Using declarative 0.0.20
Using claide 1.1.0
Using digest-crc 0.6.5
Using highline 2.0.3
Using aws-eventstream 1.2.0
Using emoji_regex 3.2.3
Using faraday-em_http 1.0.0
Using faraday-em_synchrony 1.0.0
Using faraday-excon 1.1.0
Using faraday-httpclient 1.0.1
Using multipart-post 2.3.0
Using faraday-net_http_persistent 1.2.0
Using faraday-patron 1.0.0
Using faraday-net_http 1.0.1
Using faraday-retry 1.0.3
Using ruby2_keywords 0.0.5
Using colored 1.2
Using gh_inspector 1.1.3
Using jwt 2.7.1
Using fastimage 2.2.7
Using os 1.1.4
Using httpclient 2.8.3
Using mini_mime 1.1.5
Using faraday-rack 1.0.0
Using uber 0.1.0
Using retriable 3.1.2
Using webrick 1.8.1
Using google-cloud-errors 1.3.1
Using json 2.6.3
Using mini_magick 4.12.0
Using naturally 2.2.1
Using optparse 0.1.1
Using trailblazer-option 0.1.2
Fetching excon 0.104.0 (was 0.103.0)
Using plist 3.7.0
Using security 0.1.3
Using terminal-notifier 2.0.0
Fetching unicode-display_width 2.5.0 (was 2.4.2)
Using rubyzip 2.3.2
Using multi_json 1.15.0
Fetching domain_name 0.6.20231109 (was 0.5.20190701)
Using tty-screen 0.8.1
Using tty-cursor 0.7.1
Using nanaimo 0.3.0
Using rouge 2.0.7
Using CFPropertyList 3.0.6
Fetching aws-sigv4 1.6.1 (was 1.6.0)
Using word_wrap 1.0.0
Using commander 4.6.0
Using faraday-multipart 1.0.4
Using representable 3.2.0
Using simctl 1.6.10
Using tty-spinner 0.9.3
Using xcodeproj 1.23.0
Using xcpretty 0.3.0
Using faraday 1.10.3
Installing yaml 0.3.0 (was 0.2.1)
Using faraday_middleware 1.2.0
Using google-cloud-env 1.6.0
Using xcpretty-travis-formatter 1.0.1
Using google-cloud-core 1.6.0
Installing public_suffix 5.0.4 (was 5.0.3)
Installing aws-partitions 1.853.0 (was 1.828.0)
Fetching arkana 1.5.0 (was 1.4.0)
Installing aws-sigv4 1.6.1 (was 1.6.0)
Installing unicode-display_width 2.5.0 (was 2.4.2)
Using addressable 2.8.5
Using signet 0.18.0
Using googleauth 1.8.1
Fetching google-apis-core 0.11.2 (was 0.11.1)
Using terminal-table 3.0.2
Fetching aws-sdk-core 3.187.0 (was 3.183.1)
Installing domain_name 0.6.20231109 (was 0.5.20190701)
Installing excon 0.104.0 (was 0.103.0)
Using http-cookie 1.0.5
Using faraday-cookie_jar 0.0.7
Installing google-apis-core 0.11.2 (was 0.11.1)
Using google-apis-playcustomapp_v1 0.13.0
Using google-apis-iamcredentials_v1 0.17.0
Fetching google-apis-androidpublisher_v3 0.52.0 (was 0.50.0)
Fetching google-apis-storage_v1 0.29.0 (was 0.19.0)
Installing aws-sdk-core 3.187.0 (was 3.183.1)
Installing google-apis-storage_v1 0.29.0 (was 0.19.0)
Installing google-apis-androidpublisher_v3 0.52.0 (was 0.50.0)
Fetching google-cloud-storage 1.45.0 (was 1.44.0)
Fetching aws-sdk-kms 1.72.0 (was 1.71.0)
Installing google-cloud-storage 1.45.0 (was 1.44.0)
Installing aws-sdk-kms 1.72.0 (was 1.71.0)
Installing arkana 1.5.0 (was 1.4.0)
Fetching aws-sdk-s3 1.137.0 (was 1.135.0)
Installing aws-sdk-s3 1.137.0 (was 1.135.0)
Fetching fastlane 2.217.0 (was 2.216.0)
Installing fastlane 2.217.0 (was 2.216.0)
Bundle updated!

What could be the issue, please?

Make available via Homebrew

Feature request: make available via Homebrew. The main reason I am suggesting this is because it would make using Arkana easier when using Xcode Cloud.

Bundler is not installed by default on Xcode Cloud and running gem install arkana requires both to specify not the latest version (1.4.0) due to outdated Ruby by default on Xcode Cloud, but also requires a workaround since running gem install requires sudo by default. If Arkana was available via Homebrew, if I understand correctly, both of these issues could be averted.

I admittedly know very little about what it would take to do this, but just throwing out the idea.
