NitorCreations · Esgrove · Jan 15, 2024 · Jan 12, 2024 · Jan 12, 2024 · Jan 12, 2024
diff --git a/.github/workflows/black.yml b/.github/workflows/black.yml
@@ -13,6 +13,9 @@ on:
     branches:
       - master
       - main
+    paths:
+      - "**.py"
+      - ".github/workflows/black.yml"
 
 # https://github.com/psf/black
 jobs:

diff --git a/.github/workflows/cargo.yml b/.github/workflows/cargo.yml
@@ -16,6 +16,9 @@ on:
       - master
       - main
 
+env:
+  CARGO_TERM_COLOR: always
+
 # https://github.com/actions-rs/cargo
 jobs:
   cargo:
@@ -30,17 +33,29 @@ jobs:
         with:
           workspaces: ./rust -> target
 
+      - name: Set up cargo cache
+        uses: actions/cache@v3
+        continue-on-error: false
+        with:
+          path: |
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            target/
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: ${{ runner.os }}-cargo-
+
+      - name: build
+        working-directory: rust
+        run: cargo build
+
       - name: fmt
         working-directory: rust
-        # workaround for color output
-        env:
-          TERM: xterm-256color
         run: cargo fmt --check --verbose
 
       - name: clippy
         working-directory: rust
-        env:
-          TERM: xterm-256color
         # exit non-zero if there are any warnings
         # https://doc.rust-lang.org/stable/clippy/usage.html
         run: cargo clippy -- -Dwarnings
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -29,9 +29,12 @@ jobs:
         with:
           go-version: "1.21.x"
           cache-dependency-path: go/go.sum
+
       - name: Install dependencies
         run: go get .
+
       - name: Build
         run: go build -v ./...
+
       - name: Test with the Go CLI
         run: go test
diff --git a/.github/workflows/isort.yml b/.github/workflows/isort.yml
@@ -13,6 +13,9 @@ on:
     branches:
       - master
       - main
+    paths:
+      - "**.py"
+      - ".github/workflows/isort.yml"
 
 # https://github.com/marketplace/actions/python-isort
 jobs:

diff --git a/.github/workflows/pip.yml b/.github/workflows/pip.yml
@@ -13,6 +13,9 @@ on:
     branches:
       - master
       - main
+    paths:
+      - "python/requirements.txt"
+      - ".github/workflows/pip.yml"
 
 # https://github.com/py-actions/py-dependency-install
 jobs:

diff --git a/.github/workflows/ruff.yml b/.github/workflows/ruff.yml
@@ -13,6 +13,9 @@ on:
     branches:
       - master
       - main
+    paths:
+      - "**.py"
+      - ".github/workflows/ruff.yml"
 
 # https://github.com/chartboost/ruff-action
 jobs:

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -18,7 +18,7 @@ repos:
       - id: trailing-whitespace
 
   - repo: https://github.com/charliermarsh/ruff-pre-commit
-    rev: v0.1.11
+    rev: v0.1.13
     hooks:
       - id: ruff
         name: python ruff

diff --git a/rust/Cargo.lock b/rust/Cargo.lock
diff --git a/rust/Cargo.toml b/rust/Cargo.toml
@@ -1,15 +1,15 @@
 [package]
 name = "nitor-vault"
-version = "0.5.0"
+version = "0.6.0"
 edition = "2021"
+description = "Encrypted AWS key-value storage utility."
+license = "Apache-2.0"
+repository = "https://github.com/nitorcreations/vault"
+keywords = ["secrets", "s3", "cli"]
 authors = [
   "Kalle Ahlström <[email protected]",
   "Akseli Lukkarila <[email protected]>",
 ]
-description = "Encrypted AWS key-value storage"
-license = "Apache-2.0"
-repository = "https://github.com/nitorcreations/vault"
-keywords = ["secrets", "s3"]
 
 [dependencies]
 aes-gcm = "0.10.3"
@@ -18,14 +18,17 @@ aws-config = { version = "1.1.2", features = ["behavior-version-latest"] }
 aws-sdk-cloudformation = "1.11.0"
 aws-sdk-kms = "1.10.0"
 aws-sdk-s3 = "1.12.0"
-base64 = "0.21.5"
-clap = { version = "4.4.13", features = ["derive", "env"] }
+base64 = "0.21.7"
+clap = { version = "4.4.16", features = ["derive", "env"] }
 rand = "0.8.5"
 serde = { version = "1.0.195", features = ["derive"] }
-serde_json = "1.0"
+serde_json = "1.0.111"
 thiserror = "1.0.56"
 tokio = { version = "1", features = ["full"] }
 
 [[bin]]
 name = "vault"
 path = "src/main.rs"
+
+[profile.release]
+lto = true
diff --git a/rust/README.md b/rust/README.md
@@ -23,15 +23,13 @@ cargo build --release
 cargo run --release
 ```
 
-Cargo will output the executable to either
+Depending on which build profile is used, Cargo will output the executable to either:
 
 ```shell
 rust/target/debug/vault
 rust/target/release/vault
 ```
 
-depending on which build profile is used.
-
 ## Install
 
 You can install a release binary locally using [cargo install](https://doc.rust-lang.org/cargo/commands/cargo-install.html).

diff --git a/rust/src/cli.rs b/rust/src/cli.rs
@@ -1,6 +1,7 @@
+use std::io::{stdin, BufRead};
+
 use anyhow::{Context, Result};
 use clap::{Parser, Subcommand};
-use std::io::{stdin, BufRead};
 
 use nitor_vault::Vault;
 
@@ -21,8 +22,8 @@ pub struct Args {
     #[arg(short, long, env = "VAULT_KEY")]
     pub key_arn: Option<String>,
 
-    /// Specify AWS region to use
-    #[arg(short, long, help = "Specify AWS region for the bucket")]
+    /// Specify AWS region for the bucket
+    #[arg(short, long, env = "AWS_REGION")]
     pub region: Option<String>,
 
     /// Optional CloudFormation stack to lookup key and bucket

diff --git a/rust/src/errors.rs b/rust/src/errors.rs
@@ -1,3 +1,5 @@
+use std::string::FromUtf8Error;
+
 use aws_sdk_cloudformation::error::SdkError;
 use aws_sdk_cloudformation::operation::describe_stacks::DescribeStacksError;
 use aws_sdk_kms::operation::decrypt::DecryptError;
@@ -7,7 +9,6 @@ use aws_sdk_s3::operation::get_object::GetObjectError;
 use aws_sdk_s3::operation::head_object::HeadObjectError;
 use aws_sdk_s3::operation::list_objects_v2::ListObjectsV2Error;
 use aws_sdk_s3::operation::put_object::PutObjectError;
-use std::string::FromUtf8Error;
 use thiserror::Error;
 
 #[derive(Debug, Error)]

diff --git a/rust/src/lib.rs b/rust/src/lib.rs
@@ -1,3 +1,6 @@
+use std::env;
+use std::fmt;
+
 use aes_gcm::aead::{Aead, Payload};
 use aes_gcm::aes::{cipher, Aes256};
 use aes_gcm::{AesGcm, KeyInit, Nonce};
@@ -16,8 +19,6 @@ use base64::{engine::general_purpose, Engine as _};
 use errors::VaultError;
 use rand::Rng;
 use serde::{Deserialize, Serialize};
-use std::env;
-use std::fmt;
 use tokio::try_join;
 
 pub mod errors;

diff --git a/rust/src/main.rs b/rust/src/main.rs
@@ -15,11 +15,11 @@ async fn main() -> Result<()> {
             args.region.as_deref(),
         )
         .await
-        .with_context(|| "Failed to create vault from given params.".to_string())?
+        .context("Failed to create vault from given params.")?
     } else {
         Vault::new(args.vault_stack.as_deref(), args.region.as_deref())
             .await
-            .with_context(|| "Failed to create vault.".to_string())?
+            .context("Failed to create vault.")?
     };
 
     // Handle subcommands