create first vault as part of configure

Author: jszobody

README.md

@@ -17,46 +17,50 @@
 
 The package provides a secure, organized way to manage application secrets without storing them in version control or sharing them insecurely.
 
-## Installation
+## Quick Start
 
-You can install the package via composer:
+### Install and configure Keep
+
+Install the package via composer:
 
 ```bash
 composer require stechstudio/laravel-keep
 ```
 
-## Quick Example
+This will install a command in your `vendor/bin` directory called `keep`. Run `keep configure` to configure Keep and your first vault.
 
-Let's say you have three environments (local, staging, production) and you want to store secrets in AWS SSM Parameter Store with the default KMS encryption key, in the `us-east-1` region. (You can also use AWS Secrets Manager - see configuration docs for details.)
+```bash
+./vendor/bin/keep configure
+```
 
-### Setup
+You should now have Keep configured with a default vault. Run `keep verify` to check your setup and ensure you have necessary permissions.
 
-1. Install the package via composer (as shown above).
-2. Ensure you have AWS credentials configured in your environment, with permissions to access SSM Parameter Store (see docs for full example).
-3. Run `php artisan keep:verify` to check your setup, verify your vault configuration, and ensure you have necessary permissions.
+```bash
+./vendor/bin/keep verify
+```
 
 ### Manage secrets
 
-You can add secrets using the artisan command:
+You can add secrets using `keep set`:
 
 ```bash
 # You will be prompted for the stage and secret value
-php artisan keep:set DB_PASSWORD
+./vendor/bin/keep set DB_PASSWORD
 
 # Or specify the stage and value directly
-php artisan keep:set DB_PASSWORD --stage=production --value="supersecretpassword"
+./vendor/bin/keep set DB_PASSWORD --stage=production --value="supersecretpassword"
 ```
 
-This will store the `DB_PASSWORD` secret in AWS SSM under the path `/[app-name-slug]/production/DB_PASSWORD`.
+This will store the `DB_PASSWORD` secret in AWS SSM under the path `/[namespace]/production/DB_PASSWORD`.
 
 Check that the secret was added:
 
 ```bash
 # Retrieve a single secret
-php artisan keep:get DB_PASSWORD --stage=production
+./vendor/bin/keep get DB_PASSWORD --stage=production
 
 # List all secrets for production
-php artisan keep:list --stage=production
+./vendor/bin/keep list --stage=production
 ```
 
 ### Using secrets in your application
@@ -66,7 +70,7 @@ php artisan keep:list --stage=production
 If 100% of your .env variables are managed via Keep, you can export them all to a .env file as part of your deployment process:
 
 ```bash
-php artisan keep:export --stage=production --output=.env
+./vendor/bin/keep export --stage=production --output=.env
 ```
 
 #### Merge secrets into a base template `.env` file
@@ -85,7 +89,7 @@ DB_PASSWORD={ssm:DB_PASSWORD} # or just {ssm} since the key matches the variable
 Then run the merge command:
 
 ```bash
-php artisan keep:merge --template=.env.base --output=.env --stage=production
+./vendor/bin/keep merge --template=.env.base --output=.env --stage=production
 ```
 
 You will now have a `.env` file with all the values from the template and the secrets filled in.

src/Commands/Concerns/ConfiguresVaults.php

@@ -0,0 +1,133 @@
+<?php
+
+namespace STS\Keep\Commands\Concerns;
+
+use function Laravel\Prompts\text;
+use function Laravel\Prompts\select;
+use function Laravel\Prompts\info;
+use function Laravel\Prompts\error;
+
+trait ConfiguresVaults
+{
+    protected function configureNewVault(): ?array
+    {
+        // Get available vault classes and build options
+        $availableVaults = $this->manager->getAvailableVaults();
+        $driverOptions = [];
+        $vaultClassMap = [];
+        
+        foreach ($availableVaults as $vaultClass) {
+            $driver = $vaultClass::DRIVER;
+            $name = $vaultClass::NAME;
+            $driverOptions[$driver] = $name;
+            $vaultClassMap[$driver] = $vaultClass;
+        }
+        
+        $selectedDriver = select(
+            label: 'Which vault driver would you like to use?',
+            options: $driverOptions
+        );
+        
+        $selectedVaultClass = $vaultClassMap[$selectedDriver];
+        
+        // Generate default slug and check for uniqueness
+        $defaultSlug = $this->generateUniqueSlug($selectedDriver);
+        
+        $slug = text(
+            label: 'Driver slug (used in template placeholders)',
+            default: $defaultSlug,
+            hint: 'Short identifier used in secret templates like {vault:DB_PASSWORD}'
+        );
+        
+        // Validate slug uniqueness
+        $existingVaults = $this->manager->getConfiguredVaults();
+        if (isset($existingVaults[$slug])) {
+            error("A vault with slug '{$slug}' already exists!");
+            return null;
+        }
+        
+        // Get friendly name
+        $friendlyName = text(
+            label: 'Friendly name for this vault',
+            default: $selectedVaultClass::NAME,
+            hint: 'A descriptive name to identify this vault configuration'
+        );
+        
+        // Configure the specific vault using dynamic prompts
+        $vaultConfig = $this->configureVaultSettings($selectedVaultClass, $friendlyName);
+        
+        if (!$vaultConfig) {
+            error('Failed to configure vault');
+            return null;
+        }
+        
+        // Save the vault configuration
+        $this->saveVaultConfig($slug, $vaultConfig);
+        
+        // Set as default vault if none exists
+        if (empty($this->manager->getSetting('default_vault'))) {
+            info("Setting '{$slug}' as your default vault since you don't have one yet.");
+            $this->setDefaultVault($slug);
+        }
+        
+        info("✅ {$friendlyName} vault '{$slug}' configured successfully");
+        
+        return ['slug' => $slug, 'config' => $vaultConfig];
+    }
+    
+    private function generateUniqueSlug(string $driver): string
+    {
+        $existingVaults = $this->manager->getConfiguredVaults();
+        
+        // If the driver doesn't exist, use it as-is
+        if (!isset($existingVaults[$driver])) {
+            return $driver;
+        }
+        
+        // Find a unique numbered suffix
+        $counter = 2;
+        while (isset($existingVaults["{$driver}{$counter}"])) {
+            $counter++;
+        }
+        
+        return "{$driver}{$counter}";
+    }
+    
+    private function configureVaultSettings(string $vaultClass, string $friendlyName): ?array
+    {
+        info("Configuring {$friendlyName}...");
+        
+        // Get dynamic prompts from the vault class
+        $prompts = $vaultClass::configure();
+        $config = [
+            'driver' => $vaultClass::DRIVER,
+            'name' => $friendlyName
+        ];
+
+        // Process each prompt
+        foreach ($prompts as $key => $prompt) {
+            $value = $prompt->prompt();
+            
+            // Only store non-empty values
+            if ($value !== '') {
+                $config[$key] = $value;
+            }
+        }
+        
+        return $config;
+    }
+    
+    private function saveVaultConfig(string $name, array $config): void
+    {
+        $vaultPath = getcwd() . "/.keep/vaults/{$name}.json";
+        file_put_contents($vaultPath, json_encode($config, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES));
+    }
+    
+    private function setDefaultVault(string $vaultName): void
+    {
+        $settingsPath = getcwd() . '/.keep/settings.json';
+        $settings = json_decode(file_get_contents($settingsPath), true);
+        $settings['default_vault'] = $vaultName;
+        file_put_contents($settingsPath, json_encode($settings, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES));
+    }
+}

src/Commands/ConfigureCommand.php

@@ -3,13 +3,17 @@
 namespace STS\Keep\Commands;
 
 use Illuminate\Support\Str;
+use STS\Keep\Commands\Concerns\ConfiguresVaults;
 use function Laravel\Prompts\text;
 use function Laravel\Prompts\multiselect;
 use function Laravel\Prompts\info;
 use function Laravel\Prompts\note;
+use function Laravel\Prompts\confirm;
 
 class ConfigureCommand extends BaseCommand
 {
+    use ConfiguresVaults;
+    
     protected $signature = 'configure';
     protected $description = 'Configure Keep settings for your project';
 
@@ -41,14 +45,14 @@ protected function process()
         $stages = multiselect(
             label: 'Which environments/stages do you want to manage secrets for?',
             options: [
-                'development' => 'Development (local dev)',
+                'local' => 'Local (development)',
                 'qa' => 'QA (test team validation)',
                 'uat' => 'UAT (stakeholder testing)',
                 'staging' => 'Staging (pre-production)',
                 'sandbox' => 'Sandbox (demos / experiments)',
                 'production' => 'Production (live)'
             ],
-            default: $existingSettings['stages'] ?? ['development', 'staging', 'production'],
+            default: $existingSettings['stages'] ?? ['local', 'staging', 'production'],
             scroll: 6,
             hint: 'You can add more later. Toggle with space bar, confirm with enter.',
         );
@@ -59,13 +63,29 @@ protected function process()
 
         info('✅ Configuration updated successfully!');
 
-        // Show next steps
-        if (empty($this->manager->getConfiguredVaults())) {
-            note('Next steps:');
-            note('• Add your first vault: keep vault:add');
-            note('• Set your first secret: keep set MY_SECRET');
+        // Offer to create first vault if none exist (but not in non-interactive mode)
+        if (empty($this->manager->getConfiguredVaults()) && !$this->option('no-interaction')) {
+            info('🗄️  Vault Setup');
+            note('You\'ll need at least one vault to store your secrets.');
+            
+            if (confirm('Would you like to set up your first vault now?', true)) {
+                $result = $this->configureNewVault();
+                
+                if ($result) {
+                    note('🎉 All set! Your Keep configuration is ready to use.');
+                    note('Next step: Set your first secret with: keep set MY_SECRET');
+                } else {
+                    note('No worries! You can add a vault later with: keep vault:add');
+                }
+            } else {
+                note('No worries! You can add a vault later with: keep vault:add');
+            }
         } else {
-            note('Your configuration has been updated.');
+            if (empty($this->manager->getConfiguredVaults())) {
+                note('Next steps:');
+                note('• Add your first vault: keep vault:add');
+                note('• Set your first secret: keep set MY_SECRET');
+            }
         }
     }