├── src
├── @orb.yml
├── examples
│ ├── install_specific_version.yml
│ ├── use_cli.yml
│ ├── override_shell_other_orbs.yml
│ ├── env_export_command.yml
│ ├── run_command_with_secrets.yml
│ └── override_shell_run_command.yml
└── commands
│ ├── exec.yml
│ ├── env-export.yml
│ └── install.yml
├── .github
└── workflows
│ └── bump-version.yml
├── README.md
├── .circleci
└── config.yml
└── LICENSE
/src/@orb.yml:
--------------------------------------------------------------------------------
1 | version: 2.1
2 |
3 | description: |
4 | Load secrets from SecretHub into your CircleCI jobs.
5 |
6 | To authenticate, create a SecretHub service account with read access and configure the credential as "SECRETHUB_CREDENTIAL" in your CircleCI project settings or Context environment variables.
7 | More info: https://secrethub.io/docs/reference/cli/service/
8 |
9 | display:
10 | home_url: "https://secrethub.io/"
11 | source_url: "https://github.com/secrethub/secrethub-circleci-orb"
12 |
--------------------------------------------------------------------------------
/src/examples/install_specific_version.yml:
--------------------------------------------------------------------------------
1 | description: >
2 | Install a specific version of the SecretHub CLI.
3 |
4 | usage:
5 | version: 2.1
6 |
7 | orbs:
8 | secrethub: secrethub/cli@x.y.z
9 |
10 | jobs:
11 | deploy:
12 | docker:
13 | - image: cimg/base:stable
14 | steps:
15 | - checkout
16 | - secrethub/install:
17 | version: 0.35.0
18 | - run: secrethub --version
19 |
20 | workflows:
21 | deploy:
22 | jobs:
23 | - deploy
24 |
--------------------------------------------------------------------------------
/src/examples/use_cli.yml:
--------------------------------------------------------------------------------
1 | description: >
2 | Install the SecretHub CLI and use it in your command.
3 |
4 | usage:
5 | version: 2.1
6 |
7 | orbs:
8 | secrethub: secrethub/cli@x.y.z
9 |
10 | jobs:
11 | publish-docker:
12 | docker:
13 | - image: cimg/base:stable
14 | steps:
15 | - checkout
16 | - setup_remote_docker
17 | - secrethub/install
18 | - run: |
19 | docker login -u $(secrethub read company/app/docker/username) -p $(secrethub read company/app/docker/password)
20 | docker build -t company/app:${CIRCLE_SHA1:0:7} .
21 | docker push company/app:${CIRCLE_SHA1:0:7}
22 |
23 | workflows:
24 | deploy:
25 | jobs:
26 | - publish-docker
27 |
--------------------------------------------------------------------------------
/src/examples/override_shell_other_orbs.yml:
--------------------------------------------------------------------------------
1 | description: >
2 | Install the SecretHub CLI and set it as the shell on the job level.
3 | This way, you can also inject secrets into other orbs.
4 |
5 | usage:
6 | version: 2.1
7 |
8 | orbs:
9 | aws-cli: circleci/aws-cli@x.y.z
10 | secrethub: secrethub/cli@x.y.z
11 |
12 | jobs:
13 | deploy:
14 | executor: aws-cli/default
15 | shell: secrethub run -- /bin/bash
16 | environment:
17 | AWS_DEFAULT_REGION: us-east-1
18 | AWS_ACCESS_KEY_ID: secrethub://company/app/aws/access_key_id
19 | AWS_SECRET_ACCESS_KEY: secrethub://company/app/aws/secret_access_key
20 | steps:
21 | - secrethub/install
22 | - checkout
23 | - aws-cli/setup
24 |
25 | workflows:
26 | deploy:
27 | jobs:
28 | - deploy
29 |
--------------------------------------------------------------------------------
/.github/workflows/bump-version.yml:
--------------------------------------------------------------------------------
1 | on:
2 | push:
3 | branches:
4 | - release/v*
5 |
6 | jobs:
7 | bump-version:
8 | name: Bump version in YAML
9 | runs-on: ubuntu-latest
10 | steps:
11 | - name: Checkout
12 | uses: actions/checkout@v2
13 | - name: Bump version in orb commands
14 | uses: florisvdg/action-version-bump@v0.1.0
15 | with:
16 | sed: 's/\(SECRETHUB_APP_INFO_VERSION: \).*/\1$VERSION/g'
17 | file: src/commands/exec.yml src/commands/env-export.yml
18 | author_email: bender.github@secrethub.io
19 | - name: Bump version in README examples
20 | uses: florisvdg/action-version-bump@v0.1.0
21 | with:
22 | sed: 's/\(secrethub: secrethub\/cli@\).*/\1$VERSION/g'
23 | file: README.md
24 | author_email: bender.github@secrethub.io
25 |
--------------------------------------------------------------------------------
/src/examples/env_export_command.yml:
--------------------------------------------------------------------------------
1 | description: >
2 | Use the secrethub/env-export command to load a secret and make it available as an environment variable for next steps in the job.
3 | This is useful for providing an orb job with secrets as pre-step to the job.
4 |
5 | Note: Unlike the secrethub/exec command, the secrethub/env-export does NOT mask secrets from the logs.
6 |
7 | usage:
8 | version: 2.1
9 |
10 | orbs:
11 | secrethub: secrethub/cli@x.y.z
12 | docker: circleci/docker@x.y.z
13 |
14 | workflows:
15 | publish:
16 | jobs:
17 | - docker/publish:
18 | image: company/app
19 | pre-steps:
20 | - secrethub/export-env:
21 | var-name: DOCKER_LOGIN
22 | secret-path: company/app/docker/username
23 | - secrethub/env-export:
24 | var-name: DOCKER_PASSWORD
25 | secret-path: company/app/docker/password
26 |
--------------------------------------------------------------------------------
/src/examples/run_command_with_secrets.yml:
--------------------------------------------------------------------------------
1 | description: >
2 | Use the secrethub/exec command to automatically install the SecretHub CLI, load secrets on demand and execute a command that needs the secrets.
3 | Secrets that are (accidentally) logged will be masked.
4 |
5 | usage:
6 | version: 2.1
7 |
8 | orbs:
9 | secrethub: secrethub/cli@x.y.z
10 |
11 | jobs:
12 | deploy:
13 | docker:
14 | - image: cimg/base:stable
15 | environment:
16 | AWS_REGION: us-east-1
17 | AWS_ACCESS_KEY_ID: secrethub://company/app/aws/access_key_id
18 | AWS_SECRET_ACCESS_KEY: secrethub://company/app/aws/secret_access_key
19 | steps:
20 | - checkout
21 | - secrethub/exec:
22 | command: |
23 | echo "This value will be masked: $AWS_ACCESS_KEY_ID"
24 | echo "This value will be masked: $AWS_SECRET_ACCESS_KEY"
25 | ./deploy-my-app.sh
26 |
27 | workflows:
28 | deploy:
29 | jobs:
30 | - deploy
31 |
--------------------------------------------------------------------------------
/src/commands/exec.yml:
--------------------------------------------------------------------------------
1 | description: Run a command with secret environment variables loaded from SecretHub
2 | parameters:
3 | command:
4 | type: string
5 | description: Command to execute with secrets
6 | step-name:
7 | type: string
8 | default: ''
9 | description: Title of the step to show in the CircleCI UI
10 | version:
11 | type: string
12 | default: '0.38.0'
13 | description: Version of the SecretHub CLI
14 | flags:
15 | type: string
16 | default: ''
17 | description: Flags to pass to the `secrethub run` command
18 |
19 | steps:
20 | - install:
21 | version: << parameters.version >>
22 | - run:
23 | name: << parameters.step-name >>
24 | command: secrethub run << parameters.flags >> -- $SHELL -c '<< parameters.command >>'
25 | environment:
26 | SECRETHUB_RUN_NO_PROMPT: true
27 | SECRETHUB_APP_INFO_NAME: secrethub-circleci-orb
28 | # Version is automatically bumped on release branches
29 | SECRETHUB_APP_INFO_VERSION: 1.1.0
30 |
--------------------------------------------------------------------------------
/src/examples/override_shell_run_command.yml:
--------------------------------------------------------------------------------
1 | description: >
2 | Install the SecretHub CLI and set it as the shell on the run command level.
3 | The secrets will be loaded on demand and are available during the execution of the command.
4 | Secrets that are (accidentally) logged will be masked.
5 |
6 | usage:
7 | version: 2.1
8 |
9 | orbs:
10 | secrethub: secrethub/cli@x.y.z
11 |
12 | jobs:
13 | deploy:
14 | docker:
15 | - image: cimg/base:stable
16 | steps:
17 | - secrethub/install
18 | - checkout
19 | - run:
20 | shell: secrethub run -- /bin/bash
21 | environment:
22 | AWS_ACCESS_KEY_ID: secrethub://company/app/aws/access_key_id
23 | AWS_SECRET_ACCESS_KEY: secrethub://company/app/aws/secret_access_key
24 | command: |
25 | echo "This value will be masked: $AWS_ACCESS_KEY_ID"
26 | echo "This value will be masked: $AWS_SECRET_ACCESS_KEY"
27 | ./deploy-my-app.sh
28 |
29 | workflows:
30 | deploy:
31 | jobs:
32 | - deploy
33 |
--------------------------------------------------------------------------------
/src/commands/env-export.yml:
--------------------------------------------------------------------------------
1 | description: >
2 | Load a secret and make it available as an environment variable for next steps in the job.
3 | Note: Unlike the secrethub/exec command, secrethub/env-export does NOT mask secrets from the logs.
4 | parameters:
5 | var-name:
6 | type: string
7 | description: Name of the environment variable to populate with the secret
8 | secret-path:
9 | type: string
10 | description: Path where the secret is stored on SecretHub
11 | version:
12 | type: string
13 | default: '0.38.0'
14 | description: Version of the SecretHub CLI
15 |
16 | steps:
17 | - install:
18 | version: << parameters.version >>
19 | - run:
20 | name: Load secret << parameters.var-name >>
21 | command: |
22 | random_heredoc_identifier=$(cat /dev/urandom | env LC_ALL=C tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1) || true
23 | printf 'export << parameters.var-name >>=$(cat \<<' >> $BASH_ENV
24 | printf "${random_heredoc_identifier}\n" >> $BASH_ENV
25 | secrethub read << parameters.secret-path >> >> $BASH_ENV
26 | printf "${random_heredoc_identifier}\n)\n" >> $BASH_ENV
27 | environment:
28 | SECRETHUB_APP_INFO_NAME: secrethub-circleci-orb
29 | # Version is automatically bumped on release branches
30 | SECRETHUB_APP_INFO_VERSION: 1.1.0
31 |
--------------------------------------------------------------------------------
/src/commands/install.yml:
--------------------------------------------------------------------------------
1 | description: >
2 | Install the SecretHub CLI.
3 | parameters:
4 | version:
5 | type: string
6 | default: "0.36.0"
7 | description: "Version of the SecretHub CLI"
8 | path:
9 | type: string
10 | default: /usr/local/bin
11 | description: "Path to install SecretHub CLI to"
12 | shell:
13 | type: string
14 | default: /bin/sh
15 | description: "The shell used to run the install script"
16 |
17 | steps:
18 | - run:
19 | name: "Ensure SecretHub CLI is installed"
20 | shell: << parameters.shell >>
21 | environment:
22 | SECRETHUB_CLI_VERSION: << parameters.version >>
23 | command: |
24 |
25 | set -e
26 |
27 | # Colors
28 | NO_COLOR="\033[0m"
29 | OK_COLOR="\033[32;01m"
30 | ERROR_COLOR="\033[31;01m"
31 | WARN_COLOR="\033[33;01m"
32 |
33 | # Detect Architecture
34 | ARCH=amd64
35 | if [ $(getconf LONG_BIT) = 32 ]; then
36 | ARCH=386
37 | fi
38 |
39 | # Detect OS
40 | UNAME=$(uname)
41 | if [ "$UNAME" = "Darwin" ]; then
42 | OS=darwin
43 | elif [ "$UNAME" = "Linux" ]; then
44 | OS=linux
45 | else
46 | echo -e "${ERROR_COLOR}Cannot determine OS type. Exiting...${NO_COLOR}"
47 | exit;
48 | fi
49 |
50 | # Make sure we have root priviliges.
51 | SUDO=""
52 | if [ $(id -u) -ne 0 ]; then
53 | if ! [ $(command -v sudo) ]; then
54 | echo -e "${ERROR_COLOR}Installer requires root privileges. Please run this script as root.${NO_COLOR}"
55 | exit;
56 | fi
57 |
58 | SUDO="sudo"
59 | fi
60 |
61 | echo -e "${OK_COLOR}==> Creating directories${NO_COLOR}"
62 | $SUDO mkdir -p /usr/local/secrethub/bin
63 |
64 | if [ "${SECRETHUB_CLI_VERSION:-latest}" != "latest" ]; then
65 | VERSION=v${SECRETHUB_CLI_VERSION}
66 | else
67 | # Retrieve latest version
68 | echo -e "${OK_COLOR}==> Retrieving latest version${NO_COLOR}"
69 | VERSION=$(curl --silent "https://api.github.com/repos/secrethub/secrethub-cli/releases/latest" | grep tag_name | awk -F\" '{ print $4 }')
70 | fi
71 |
72 | # Exit if version is already installed
73 | if command -v secrethub >/dev/null 2>&1 && secrethub --version 2>&1 | cut -d "," -f 1 | grep -q "$(echo $VERSION | cut -c 2-)$"; then
74 | echo -e "${OK_COLOR}==> Version ${VERSION} is already installed${NO_COLOR}"
75 | exit 0
76 | fi
77 |
78 | echo -e "${OK_COLOR}==> Downloading version ${VERSION}${NO_COLOR}"
79 | ARCHIVE_NAME=secrethub-$VERSION-$OS-$ARCH
80 | LINK_TAR=https://github.com/secrethub/secrethub-cli/releases/download/$VERSION/$ARCHIVE_NAME.tar.gz
81 |
82 | curl -fsSL $LINK_TAR | $SUDO tar -xz -C /usr/local/secrethub;
83 |
84 | # symlink in the PATH
85 | $SUDO ln -sf /usr/local/secrethub/bin/secrethub /usr/local/bin/secrethub
86 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 |
2 |
3 | 
SecretHub has joined 1Password! Find out more on the SecretHub blog. 🎉
4 |
5 |
6 |
7 |
8 | 
9 |
10 |
11 |
12 |
13 | 
14 | 
15 |
16 |
17 |
18 |
19 | CircleCI Orb 
20 |
21 |
22 | [](https://circleci.com/gh/secrethub/secrethub-circleci-orb)
23 | [](https://github.com/secrethub/secrethub-circleci-orb/releases/latest)
24 | [](https://discord.gg/NWmxVeb)
25 |
26 | No more copy-pasting sensitive values into a GUI. Securely load secrets into CircleCI and sync them automatically.
27 |
28 | This Orb is officially supported and actively maintained by SecretHub, but community contributions are very welcome.
29 |
30 | ## Usage
31 |
32 | To execute a command that needs secrets, replace your CircleCI `run` command with `secrethub/exec`.
33 | You can make secrets available to your command as environment variables by referencing their SecretHub path, prefixed by `secrethub://`:
34 |
35 | ```yml
36 | version: 2.1
37 | orbs:
38 | secrethub: secrethub/cli@1.1.0
39 |
40 | jobs:
41 | deploy:
42 | docker:
43 | - image: cimg/base:stable
44 | environment:
45 | AWS_ACCESS_KEY_ID: secrethub://company/app/aws/access_key_id
46 | AWS_SECRET_ACCESS_KEY: secrethub://company/app/aws/secret_access_key
47 | steps:
48 | - checkout
49 | - secrethub/exec:
50 | command: |
51 | echo "This value will be masked: $AWS_ACCESS_KEY_ID"
52 | echo "This value will be masked: $AWS_SECRET_ACCESS_KEY"
53 | ./deploy-my-app.sh
54 | workflows:
55 | deploy:
56 | jobs:
57 | - deploy
58 | ```
59 |
60 | Alternatively, you can set the `shell` of the native CircleCI `run` command:
61 |
62 | ```yml
63 | version: 2.1
64 | orbs:
65 | secrethub: secrethub/cli@1.1.0
66 |
67 | jobs:
68 | deploy:
69 | docker:
70 | - image: cimg/base:stable
71 | steps:
72 | - secrethub/install
73 | - checkout
74 | - run:
75 | shell: secrethub run -- /bin/bash
76 | environment:
77 | AWS_ACCESS_KEY_ID: secrethub://company/app/aws/access_key_id
78 | AWS_SECRET_ACCESS_KEY: secrethub://company/app/aws/secret_access_key
79 | command: |
80 | echo "This value will be masked: $AWS_ACCESS_KEY_ID"
81 | echo "This value will be masked: $AWS_SECRET_ACCESS_KEY"
82 | ./deploy-my-app.sh
83 | workflows:
84 | deploy:
85 | jobs:
86 | - deploy
87 | ```
88 |
89 | You can either set the shell on the `run` command level, or you can set it on the `job` level to use it for every step in the job.
90 | That way you can also load secrets into other orbs:
91 |
92 | ```yml
93 | version: 2.1
94 | orbs:
95 | aws-cli: circleci/aws-cli@0.1.20
96 | secrethub: secrethub/cli@1.1.0
97 |
98 | jobs:
99 | deploy:
100 | executor: aws-cli/default
101 | shell: secrethub run -- /bin/bash
102 | environment:
103 | AWS_DEFAULT_REGION: us-east-1
104 | AWS_ACCESS_KEY_ID: secrethub://company/app/aws/access_key_id
105 | AWS_SECRET_ACCESS_KEY: secrethub://company/app/aws/secret_access_key
106 | steps:
107 | - secrethub/install
108 | - checkout
109 | - aws-cli/setup
110 |
111 | workflows:
112 | deploy:
113 | jobs:
114 | - deploy
115 | ```
116 |
117 | See the [src/examples](./src/examples/) directory for more examples.
118 |
119 | ## Masking
120 |
121 | When using either the `secrethub/exec` orb command or the `secrethub run` shell wrapper, all secrets are automatically masked from the CI log output.
122 | If secrets (accidentally) get logged, they will be replaced with:
123 |
124 | ```
125 |
126 | ```
127 |
128 | ## Authentication
129 |
130 | For your CircleCI jobs to authenticate to SecretHub and decrypt the secrets they need, [create a SecretHub service account](https://secrethub.io/docs/reference/cli/service/), give it [read access](https://secrethub.io/docs/reference/cli/acl/) to the secrets it needs, and configure the credential as `SECRETHUB_CREDENTIAL` in your CircleCI project settings or Context environment variables.
131 |
--------------------------------------------------------------------------------
/.circleci/config.yml:
--------------------------------------------------------------------------------
1 | version: 2.1
2 |
3 | orbs:
4 | orb-tools: circleci/orb-tools@9.0.0
5 | # Integration tests
6 | secrethub: secrethub/cli@<>
7 | aws-cli: circleci/aws-cli@0.1.22
8 |
9 | parameters:
10 | run-integration-tests:
11 | type: boolean
12 | default: false
13 | description: >
14 | Whether or not to run the orb integration tests. Defaults to false to make sure a dev orb version of the latest commit gets published first.
15 | The 'orb-tools/trigger-integration-tests-workflow' job kicks off the integration tests, by triggering a new workflow with this parameter set to 'true'.
16 | dev-orb-version:
17 | type: string
18 | default: "dev:alpha"
19 | description: >
20 | The SecretHub dev orb version to use in the integration tests. Default is "dev:alpha" for the initial config validation to pass.
21 | The 'orb-tools/trigger-integration-tests-workflow' job will override this parameter with "dev:${CIRCLE_SHA1:0:7}", so that the integration tests
22 | are always ran with the correct orb code. The scheduled 'keep-dev-orb' workflow will make sure the dev:alpha orb doesn't expire.
23 |
24 | orb_promotion_filters: &orb_promotion_filters
25 | branches:
26 | ignore: /.*/
27 | tags:
28 | only: /^v[0-9]+\.[0-9]+\.[0-9]+$/
29 |
30 | jobs:
31 | test-integration-exec:
32 | docker:
33 | - image: cimg/base:stable
34 | environment:
35 | SECRET: secrethub://company/app/secret
36 | steps:
37 | - checkout
38 | - secrethub/exec:
39 | step-name: Validate if secret is set correctly
40 | command: |
41 | if [ $SECRET != "DDXLKkBhprQgW7w7OFsM8y" ]; then
42 | echo "secret is not correctly set"
43 | exit 1
44 | fi
45 | test-integration-other-orb:
46 | executor: aws-cli/default
47 | shell: secrethub run -- /bin/bash
48 | environment:
49 | AWS_DEFAULT_REGION: us-east-1
50 | AWS_ACCESS_KEY_ID: secrethub://company/app/aws/access_key_id
51 | AWS_SECRET_ACCESS_KEY: secrethub://company/app/aws/secret_access_key
52 | steps:
53 | - secrethub/install
54 | - checkout
55 | - aws-cli/setup
56 | test-integration-env-export:
57 | docker:
58 | - image: cimg/base:stable
59 | steps:
60 | - checkout
61 | - secrethub/env-export:
62 | var-name: SECRET
63 | secret-path: company/app/secret
64 | - run:
65 | name: Validate if secret is set correctly
66 | command: |
67 | if [ $SECRET != "DDXLKkBhprQgW7w7OFsM8y" ]; then
68 | echo "secret is not correctly set"
69 | exit 1
70 | fi
71 | - secrethub/env-export:
72 | var-name: MULTILINE_SECRET
73 | secret-path: company/app/multiline_secret
74 | - run:
75 | name: Validate if multiline secret is set correctly
76 | environment:
77 | MULTILINE_SECRET_EXPECTED: |-
78 | 4dAXbmYWiLkyYpExLnhGRD9wA7
79 | rsrNbNYprQZHz8Vtgu4fJezGDB
80 | command: |
81 | if [ "$MULTILINE_SECRET" != "$MULTILINE_SECRET_EXPECTED" ]; then
82 | echo "secret is not correctly set"
83 | exit 1
84 | fi
85 |
86 | workflows:
87 | validate_publish-dev:
88 | unless: << pipeline.parameters.run-integration-tests >>
89 | jobs:
90 | - orb-tools/lint
91 | - orb-tools/pack
92 | - orb-tools/publish-dev:
93 | orb-name: secrethub/cli
94 | context: publish-orb-dev
95 | publish-alpha-version: true
96 | publish-sha-version: true
97 | requires:
98 | - orb-tools/lint
99 | - orb-tools/pack
100 | - orb-tools/trigger-integration-tests-workflow:
101 | name: trigger-integration-tests
102 | context: publish-orb-dev
103 | requires:
104 | - orb-tools/publish-dev
105 |
106 | test-integration:
107 | when: << pipeline.parameters.run-integration-tests >>
108 | jobs:
109 | - test-integration-exec
110 | - test-integration-other-orb
111 | - test-integration-env-export
112 |
113 | # Republish the dev:alpha orb every month to ensure new pipelines don't get rejected due to expired dev orbs.
114 | keep-dev-orb:
115 | triggers:
116 | - schedule:
117 | cron: "0 0 1 * *"
118 | filters:
119 | branches:
120 | only:
121 | - master
122 | jobs:
123 | - orb-tools/pack
124 | - orb-tools/publish-dev:
125 | orb-name: secrethub/cli
126 | context: publish-orb-dev
127 | publish-alpha-version: true
128 | publish-sha-version: false
129 | requires:
130 | - orb-tools/pack
131 |
132 | publish-to-registry:
133 | unless: << pipeline.parameters.run-integration-tests >>
134 | jobs:
135 | - approve:
136 | type: approval
137 | filters: *orb_promotion_filters
138 | - orb-tools/dev-promote-prod-from-git-tag:
139 | name: publish-to-registry
140 | orb-name: secrethub/cli
141 | context: publish-orb-prd
142 | add-pr-comment: false
143 | major-release-tag-regex: '^v[1-9][0-9]*\.0\.0+$'
144 | minor-release-tag-regex: '^v[0-9]*\.[1-9][0-9]*\.0+$'
145 | patch-release-tag-regex: '^v[0-9]*\.[0-9]*\.[1-9][0-9]*$'
146 | requires:
147 | - approve
148 | filters: *orb_promotion_filters
149 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 |
26 | "Source" form shall mean the preferred form for making modifications,
27 | including but not limited to software source code, documentation
28 | source, and configuration files.
29 |
30 | "Object" form shall mean any form resulting from mechanical
31 | transformation or translation of a Source form, including but
32 | not limited to compiled object code, generated documentation,
33 | and conversions to other media types.
34 |
35 | "Work" shall mean the work of authorship, whether in Source or
36 | Object form, made available under the License, as indicated by a
37 | copyright notice that is included in or attached to the work
38 | (an example is provided in the Appendix below).
39 |
40 | "Derivative Works" shall mean any work, whether in Source or Object
41 | form, that is based on (or derived from) the Work and for which the
42 | editorial revisions, annotations, elaborations, or other modifications
43 | represent, as a whole, an original work of authorship. For the purposes
44 | of this License, Derivative Works shall not include works that remain
45 | separable from, or merely link (or bind by name) to the interfaces of,
46 | the Work and Derivative Works thereof.
47 |
48 | "Contribution" shall mean any work of authorship, including
49 | the original version of the Work and any modifications or additions
50 | to that Work or Derivative Works thereof, that is intentionally
51 | submitted to Licensor for inclusion in the Work by the copyright owner
52 | or by an individual or Legal Entity authorized to submit on behalf of
53 | the copyright owner. For the purposes of this definition, "submitted"
54 | means any form of electronic, verbal, or written communication sent
55 | to the Licensor or its representatives, including but not limited to
56 | communication on electronic mailing lists, source code control systems,
57 | and issue tracking systems that are managed by, or on behalf of, the
58 | Licensor for the purpose of discussing and improving the Work, but
59 | excluding communication that is conspicuously marked or otherwise
60 | designated in writing by the copyright owner as "Not a Contribution."
61 |
62 | "Contributor" shall mean Licensor and any individual or Legal Entity
63 | on behalf of whom a Contribution has been received by Licensor and
64 | subsequently incorporated within the Work.
65 |
66 | 2. Grant of Copyright License. Subject to the terms and conditions of
67 | this License, each Contributor hereby grants to You a perpetual,
68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69 | copyright license to reproduce, prepare Derivative Works of,
70 | publicly display, publicly perform, sublicense, and distribute the
71 | Work and such Derivative Works in Source or Object form.
72 |
73 | 3. Grant of Patent License. Subject to the terms and conditions of
74 | this License, each Contributor hereby grants to You a perpetual,
75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76 | (except as stated in this section) patent license to make, have made,
77 | use, offer to sell, sell, import, and otherwise transfer the Work,
78 | where such license applies only to those patent claims licensable
79 | by such Contributor that are necessarily infringed by their
80 | Contribution(s) alone or by combination of their Contribution(s)
81 | with the Work to which such Contribution(s) was submitted. If You
82 | institute patent litigation against any entity (including a
83 | cross-claim or counterclaim in a lawsuit) alleging that the Work
84 | or a Contribution incorporated within the Work constitutes direct
85 | or contributory patent infringement, then any patent licenses
86 | granted to You under this License for that Work shall terminate
87 | as of the date such litigation is filed.
88 |
89 | 4. Redistribution. You may reproduce and distribute copies of the
90 | Work or Derivative Works thereof in any medium, with or without
91 | modifications, and in Source or Object form, provided that You
92 | meet the following conditions:
93 |
94 | (a) You must give any other recipients of the Work or
95 | Derivative Works a copy of this License; and
96 |
97 | (b) You must cause any modified files to carry prominent notices
98 | stating that You changed the files; and
99 |
100 | (c) You must retain, in the Source form of any Derivative Works
101 | that You distribute, all copyright, patent, trademark, and
102 | attribution notices from the Source form of the Work,
103 | excluding those notices that do not pertain to any part of
104 | the Derivative Works; and
105 |
106 | (d) If the Work includes a "NOTICE" text file as part of its
107 | distribution, then any Derivative Works that You distribute must
108 | include a readable copy of the attribution notices contained
109 | within such NOTICE file, excluding those notices that do not
110 | pertain to any part of the Derivative Works, in at least one
111 | of the following places: within a NOTICE text file distributed
112 | as part of the Derivative Works; within the Source form or
113 | documentation, if provided along with the Derivative Works; or,
114 | within a display generated by the Derivative Works, if and
115 | wherever such third-party notices normally appear. The contents
116 | of the NOTICE file are for informational purposes only and
117 | do not modify the License. You may add Your own attribution
118 | notices within Derivative Works that You distribute, alongside
119 | or as an addendum to the NOTICE text from the Work, provided
120 | that such additional attribution notices cannot be construed
121 | as modifying the License.
122 |
123 | You may add Your own copyright statement to Your modifications and
124 | may provide additional or different license terms and conditions
125 | for use, reproduction, or distribution of Your modifications, or
126 | for any such Derivative Works as a whole, provided Your use,
127 | reproduction, and distribution of the Work otherwise complies with
128 | the conditions stated in this License.
129 |
130 | 5. Submission of Contributions. Unless You explicitly state otherwise,
131 | any Contribution intentionally submitted for inclusion in the Work
132 | by You to the Licensor shall be under the terms and conditions of
133 | this License, without any additional terms or conditions.
134 | Notwithstanding the above, nothing herein shall supersede or modify
135 | the terms of any separate license agreement you may have executed
136 | with Licensor regarding such Contributions.
137 |
138 | 6. Trademarks. This License does not grant permission to use the trade
139 | names, trademarks, service marks, or product names of the Licensor,
140 | except as required for reasonable and customary use in describing the
141 | origin of the Work and reproducing the content of the NOTICE file.
142 |
143 | 7. Disclaimer of Warranty. Unless required by applicable law or
144 | agreed to in writing, Licensor provides the Work (and each
145 | Contributor provides its Contributions) on an "AS IS" BASIS,
146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 | implied, including, without limitation, any warranties or conditions
148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 | PARTICULAR PURPOSE. You are solely responsible for determining the
150 | appropriateness of using or redistributing the Work and assume any
151 | risks associated with Your exercise of permissions under this License.
152 |
153 | 8. Limitation of Liability. In no event and under no legal theory,
154 | whether in tort (including negligence), contract, or otherwise,
155 | unless required by applicable law (such as deliberate and grossly
156 | negligent acts) or agreed to in writing, shall any Contributor be
157 | liable to You for damages, including any direct, indirect, special,
158 | incidental, or consequential damages of any character arising as a
159 | result of this License or out of the use or inability to use the
160 | Work (including but not limited to damages for loss of goodwill,
161 | work stoppage, computer failure or malfunction, or any and all
162 | other commercial damages or losses), even if such Contributor
163 | has been advised of the possibility of such damages.
164 |
165 | 9. Accepting Warranty or Additional Liability. While redistributing
166 | the Work or Derivative Works thereof, You may choose to offer,
167 | and charge a fee for, acceptance of support, warranty, indemnity,
168 | or other liability obligations and/or rights consistent with this
169 | License. However, in accepting such obligations, You may act only
170 | on Your own behalf and on Your sole responsibility, not on behalf
171 | of any other Contributor, and only if You agree to indemnify,
172 | defend, and hold each Contributor harmless for any liability
173 | incurred by, or claims asserted against, such Contributor by reason
174 | of your accepting any such warranty or additional liability.
175 |
176 | END OF TERMS AND CONDITIONS
177 |
178 | APPENDIX: How to apply the Apache License to your work.
179 |
180 | To apply the Apache License to your work, attach the following
181 | boilerplate notice, with the fields enclosed by brackets "[]"
182 | replaced with your own identifying information. (Don't include
183 | the brackets!) The text should be enclosed in the appropriate
184 | comment syntax for the file format. We also recommend that a
185 | file or class name and description of purpose be included on the
186 | same "printed page" as the copyright notice for easier
187 | identification within third-party archives.
188 |
189 | Copyright [yyyy] [name of copyright owner]
190 |
191 | Licensed under the Apache License, Version 2.0 (the "License");
192 | you may not use this file except in compliance with the License.
193 | You may obtain a copy of the License at
194 |
195 | http://www.apache.org/licenses/LICENSE-2.0
196 |
197 | Unless required by applicable law or agreed to in writing, software
198 | distributed under the License is distributed on an "AS IS" BASIS,
199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 | See the License for the specific language governing permissions and
201 | limitations under the License.
202 |
--------------------------------------------------------------------------------