bridgetown_credentials 0.1.1 → 1.0.0
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/CHANGELOG.md +11 -1
- data/README.md +40 -51
- data/lib/bridgetown_credentials/commands/credentials.rb +4 -11
- data/lib/bridgetown_credentials/initializer.rb +15 -0
- data/lib/bridgetown_credentials/version.rb +1 -1
- data/lib/bridgetown_credentials.rb +3 -8
- data/spec/lib/bridgetown_credentials/initializer_spec.rb +12 -0
- data/spec/spec_helper.rb +1 -19
- data.tar.gz.sig +0 -0
- metadata +31 -44
- metadata.gz.sig +0 -0
- data/bridgetown.automation.rb +0 -7
- data/lib/bridgetown_credentials/bridgetown.rb +0 -14
- data/lib/bridgetown_credentials/commands.rb +0 -24
- data/lib/bridgetown_credentials/credentials.rb +0 -60
- data/spec/fixtures/separated/config/credentials/development.yml.enc +0 -1
- data/spec/fixtures/separated/config/credentials/production.yml.enc +0 -1
- data/spec/fixtures/unified/config/credentials/development.yml.enc +0 -1
- data/spec/fixtures/unified/config/credentials/production.yml.enc +0 -1
- data/spec/fixtures/unified/config/credentials.yml.enc +0 -1
- data/spec/lib/bridgetown_credentials/commands_spec.rb +0 -34
- data/spec/lib/bridgetown_credentials/credentials_spec.rb +0 -83
- data/spec/sounds/failure.mp3 +0 -0
- data/spec/sounds/success.mp3 +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 48a5e731ec9aa5a8013fa924f978719d00c0b5fa1bdc36df97fc4b634d112148
|
4
|
+
data.tar.gz: 612674c5689018dba0b60a23872cd337e5042346ebfdd5190267a2d6af198ee9
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8472be6d2c391a6620030a8d4f30008251c81f4de60749043502786329e11ba7ae870c50dc11125a5af756ee726596a8d967feb4a3abf4dd156474b9777d5cd6
|
7
|
+
data.tar.gz: fbafb2d27d385efaa7bd45181e71c04fb492c18957984ab6d3250e6953a5c49094ca99bcb1319d83b9148098f6763d1b40660f0c982b2c4fc3cfd32491268312
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
data/CHANGELOG.md
CHANGED
@@ -2,13 +2,23 @@
|
|
2
2
|
|
3
3
|
Nothing so far
|
4
4
|
|
5
|
+
## 1.0.0
|
6
|
+
|
7
|
+
### Breaking Changes
|
8
|
+
* Switch from ActiveSupport to dry-credentials (see README)
|
9
|
+
|
10
|
+
## 0.2.0
|
11
|
+
|
12
|
+
### Breaking Changes
|
13
|
+
* Update dependency to at least bridgetown-1.2.0 (final)
|
14
|
+
|
5
15
|
## 0.1.1
|
6
16
|
|
17
|
+
### Changes
|
7
18
|
* Fix typo in dependency to Bridgetown
|
8
19
|
|
9
20
|
## 0.1.0
|
10
21
|
|
11
22
|
### Initial implementation
|
12
|
-
|
13
23
|
* Commands `bridgetown credentials edit` and `show`
|
14
24
|
* `Bridgetown.credentials` accessor
|
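Review bot: the 1.0.0 entry lists only the dependency switch, but the same release also renames the key ENV variables, drops unified `config/credentials.yml.enc` files and removes `credentials show`. List these under Breaking Changes so that readers who only see the changelog know what will stop working.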
data/README.md
CHANGED
@@ -7,7 +7,7 @@
|
|
7
7
|
|
8
8
|
This plugin adds Rails-like encrypted credentials to Bridgetown.
|
9
9
|
|
10
|
-
Credentials like passwords, access tokens and other secrets are often passed to sites each by
|
10
|
+
Credentials like passwords, access tokens and other secrets are often passed to sites each by its own ENV variable. This is both uncool, non-atomic and therefore unreliable. Use this plugin to store your credentials in encrypted YAML files which you can safely commit to your source code repository. In order to use all of them in Bridgetown, you have to set or pass exactly one ENV variable holding the key to decrypt.
|
11
11
|
|
12
12
|
* [Homepage](https://github.com/svoop/bridgetown_credentials)
|
13
13
|
* [API](https://www.rubydoc.info/gems/bridgetown_credentials)
|
@@ -34,12 +34,6 @@ Bundler.setup(:default, Bridgetown.env)
|
|
34
34
|
require "bridgetown_credentials"
|
35
35
|
```
|
36
36
|
|
37
|
-
For safety, you should exclude key files from the source code repository:
|
38
|
-
|
39
|
-
```shell
|
40
|
-
bin/bridgetown apply "$(bundle info --path bridgetown_credentials)/bridgetown.automation.rb"
|
41
|
-
```
|
42
|
-
|
43
37
|
### Secure Installation
|
44
38
|
|
45
39
|
This gem is [cryptographically signed](https://guides.rubygems.org/security/#using-gems) in order to assure it hasn't been tampered with.
|
@@ -51,6 +45,32 @@ gem cert --add <(curl -Ls https://raw.github.com/svoop/bridgetown_credentials/ma
|
|
51
45
|
bundle install --trust-policy MediumSecurity
|
52
46
|
```
|
53
47
|
|
48
|
+
## Update from 0.x.x to 1.x.x
|
49
|
+
|
50
|
+
From version 1.0.0 upwards, this gem uses [Dry::Credentials](https://rubygems.org/gems/dry-credentials) instead of ActiveSupport (which is planned to be ditched from Bridgetown at some point in the future). This requires you to take some additional steps:
|
51
|
+
|
52
|
+
1. Backup the decrypted credentials for every environment:<br>`bin/bridgetown credentials edit -e ENVIRONMENT`
|
53
|
+
2. Delete (or move elsewhere) your old encrypted credentials files:<br>`rm config/credentials/*`
|
54
|
+
3. Update this gem to a version >= 1:<br>`bundle update bridgetown_credentials`
|
55
|
+
4. Create new encrypted credentials files for every environment:<br>`bin/bridgetown credentials edit -e ENVIRONMENT`
|
56
|
+
5. Step 4 prints the new ENV variable which contains the private key required whenever you edit or query credentials. Example: For the development environment, the new ENV variable `DEVELOPMENT_CREDENTIALS_KEY` replaces the old ENV variable `BRIDGETOWN_DEVELOPMENT_KEY`.
|
57
|
+
|
58
|
+
Please note that Dry::Credentials does not support unified environments (one `config/credentials.yml.enc` for both development and production) anymore!
|
59
|
+
|
60
|
+
Also, nested credentials have to be queried differently now and thus you might have to update your Bridgetown site accordingly. Given the example credentials from the [Usage section](#usage) below:
|
61
|
+
|
62
|
+
```ruby
|
63
|
+
# Queries on version 0.x.x
|
64
|
+
Bridgetown.credentials.foo # => "bar"
|
65
|
+
Bridgetown.credentials.aws[:access_key_id] # => "awsXid"
|
66
|
+
Bridgetown.credentials.google.dig((:maps, :api_key) # => "goomXkey"
|
67
|
+
|
68
|
+
# Queries on version 1.x.x
|
69
|
+
Bridgetown.credentials.foo # => "bar"
|
70
|
+
Bridgetown.credentials.aws.access_key_id # => "awsXid"
|
71
|
+
Bridgetown.credentials.google.maps.api_key # => "goomXkey"
|
72
|
+
```
|
73
|
+
|
54
74
|
## Usage
|
55
75
|
|
56
76
|
### First Time
|
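Review bot: the 0.x example on new line 66, `Bridgetown.credentials.google.dig((:maps, :api_key)`, has a doubled opening parenthesis and is not valid Ruby; it should read `dig(:maps, :api_key)`. The expected value `"goomXkey"` in these examples also differs from the `api_key: goopXkey` shown in the Usage example, so one of the two needs correcting. Step 2's `rm config/credentials/*` removes any `*.key` files left in that directory as well as the `.yml.enc` files, which the step text should say.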
@@ -76,18 +96,9 @@ google:
|
|
76
96
|
api_key: goopXkey
|
77
97
|
```
|
78
98
|
|
79
|
-
After saving the
|
80
|
-
|
81
|
-
```
|
82
|
-
config/
|
83
|
-
└─ credentials/
|
84
|
-
├─ development.key
|
85
|
-
└─ development.yml.enc
|
86
|
-
```
|
87
|
-
|
88
|
-
⚠️ Move the `*.key` files to a safe place such as a password manager now! Never check them into the source code repository!
|
99
|
+
After saving, the private key required to encrypt/decrypt the credentials is printed this first time only. Make sure you store this information in a safe place, you will need it in the future.
|
89
100
|
|
90
|
-
The credentials you've edited above
|
101
|
+
The credentials you've edited above has been written to `config/credentials/development.yml.enc` and will be loaded when Bridgetown is in `development` mode.
|
91
102
|
|
92
103
|
To edit the credentials for `production` mode:
|
93
104
|
|
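Review bot: the replacement paragraph on new line 99 drops the explicit warning against committing the key, while the key is now printed to the terminal instead of being written to a file. State where it must not end up (the repository, CI logs, shared terminal scrollback) and what the consequence is if it is lost. On new line 101, "The credentials you've edited above has been written" should read "have been written".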
@@ -95,54 +106,32 @@ To edit the credentials for `production` mode:
|
|
95
106
|
bin/bridgetown credentials edit -e production
|
96
107
|
```
|
97
108
|
|
98
|
-
To edit or
|
109
|
+
To edit or query credentials from now on, the corresponding ENV variable with the private key has to be set:
|
99
110
|
|
100
111
|
```shell
|
101
|
-
export
|
102
|
-
export
|
112
|
+
export DEVELOPMENT_CREDENTIALS_KEY="4c87...af93"
|
113
|
+
export PRODUCTION_CREDENTIALS_KEY="92bb...820f"
|
103
114
|
```
|
104
115
|
|
105
|
-
|
106
|
-
|
107
|
-
If you prefer not to separate credentials between different environments:
|
108
|
-
|
109
|
-
```shell
|
110
|
-
rm config/credentials/production.*
|
111
|
-
mv config/credentials/development.yml config/credentials.yml
|
112
|
-
rmdir config/credentials
|
113
|
-
```
|
116
|
+
### Edit
|
114
117
|
|
115
|
-
|
118
|
+
The command is the same as the first time:
|
116
119
|
|
117
120
|
```
|
118
|
-
|
119
|
-
|
120
|
-
```
|
121
|
-
|
122
|
-
To edit or use this from now on, you have to set:
|
123
|
-
|
124
|
-
|
125
|
-
```shell
|
126
|
-
export BRIDGETOWN_CREDENTIALS_KEY="30aabbccddeeff00112233445566778899"
|
121
|
+
bin/bridgetown credentials edit
|
122
|
+
bin/bridgetown credentials edit -e production
|
127
123
|
```
|
128
124
|
|
129
|
-
|
130
|
-
|
131
|
-
### Read
|
125
|
+
### Query
|
132
126
|
|
133
127
|
Throughout the Bridgetown stack, you can now use the credentials as follows:
|
134
128
|
|
135
129
|
```ruby
|
136
|
-
Bridgetown.credentials.foo
|
137
|
-
Bridgetown.credentials.aws
|
138
|
-
Bridgetown.credentials.google.
|
130
|
+
Bridgetown.credentials.foo # => "bar"
|
131
|
+
Bridgetown.credentials.aws.access_key_id # => "awsXid"
|
132
|
+
Bridgetown.credentials.google.maps.api_key # => "goomXkey"
|
139
133
|
```
|
140
134
|
|
141
|
-
### Commands
|
142
|
-
|
143
|
-
* `bin/bridgetown credentials edit` – edit the credentials
|
144
|
-
* `bin/bridgetown credentials show` – dump the decrypted credentials to STDOUT
|
145
|
-
|
146
135
|
## Tests
|
147
136
|
|
148
137
|
* `bundle exec rake test` to run the test suite
|
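Review bot: the `export DEVELOPMENT_CREDENTIALS_KEY="4c87...af93"` example on new lines 112 and 113 shows the key typed as a literal at the prompt, which leaves it in shell history. Add a sentence recommending that the variable be injected by the deployment platform or a secrets manager rather than exported by hand. The code fence under "### Edit" has no language tag although the other command blocks use `shell`.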
@@ -6,22 +6,15 @@ module BridgetownCredentials
|
|
6
6
|
class Commands
|
7
7
|
class Credentials < Thor
|
8
8
|
Bridgetown::Commands::Registrations.register do
|
9
|
-
desc "credentials <command>", "Work with
|
9
|
+
desc "credentials <command>", "Work with encrypted credentials"
|
10
10
|
subcommand "credentials", Credentials
|
11
11
|
end
|
12
12
|
|
13
|
-
desc "edit", "Edit
|
13
|
+
desc "edit", "Edit (or create) encrypted credentials"
|
14
14
|
option :environment, aliases: '-e'
|
15
15
|
def edit
|
16
|
-
|
17
|
-
|
18
|
-
end
|
19
|
-
|
20
|
-
desc "show", "Dump the decrypted credentials to STDOUT"
|
21
|
-
option :environment, aliases: '-e'
|
22
|
-
def show
|
23
|
-
ENV['BRIDGETOWN_ENV'] = options['environment'] if options['environment']
|
24
|
-
BridgetownCredentials::Commands.new.show
|
16
|
+
BridgetownCredentials.initializer
|
17
|
+
Bridgetown.credentials.edit! options['environment']
|
25
18
|
end
|
26
19
|
end
|
27
20
|
end
|
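Review bot: `edit` now calls `BridgetownCredentials.initializer` before `edit!`, and the initializer runs `credentials.load!` for `Bridgetown.env`, so `credentials edit -e production` first loads the current environment rather than the one being edited. If `load!` raises when that environment's key is unset, editing production from a shell that only has `PRODUCTION_CREDENTIALS_KEY` fails. The removed `show` set `ENV['BRIDGETOWN_ENV']` from the option before doing any work; `edit` should resolve the environment the same way, or skip `load!`. The `show` subcommand also disappears here without a replacement or a deprecation notice.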
@@ -0,0 +1,15 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module BridgetownCredentials
|
4
|
+
class << self
|
5
|
+
def initializer
|
6
|
+
Dry::Credentials::Extension.new.then do |credentials|
|
7
|
+
credentials[:env] = Bridgetown.env
|
8
|
+
credentials[:dir] = "#{Bridgetown.configuration.root_dir}/config/credentials"
|
9
|
+
Pathname(credentials[:dir]).mkpath
|
10
|
+
credentials.load!
|
11
|
+
Bridgetown.define_singleton_method(:credentials) { credentials }
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
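Review bot: `Pathname(credentials[:dir]).mkpath` on new line 9 creates `config/credentials` as a side effect of every initialization, including builds that only read credentials. Create the directory only in the edit path and let a read-only build fail clearly when it is missing. Each call also redefines `Bridgetown.credentials` with a fresh extension object, and both the Bridgetown initializer and the `edit` command call this method, so memoizing the result would avoid a second `load!`.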
@@ -1,17 +1,12 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require "dry/credentials"
|
3
4
|
require "bridgetown"
|
4
5
|
|
5
|
-
require 'tempfile'
|
6
|
-
require 'yaml'
|
7
|
-
require "active_support/encrypted_configuration"
|
8
|
-
|
9
6
|
require_relative "bridgetown_credentials/version"
|
10
|
-
require_relative "bridgetown_credentials/
|
11
|
-
require_relative "bridgetown_credentials/commands"
|
7
|
+
require_relative "bridgetown_credentials/initializer"
|
12
8
|
require_relative "bridgetown_credentials/commands/credentials"
|
13
|
-
require_relative "bridgetown_credentials/bridgetown"
|
14
9
|
|
15
10
|
Bridgetown.initializer :bridgetown_credentials do
|
16
|
-
|
11
|
+
BridgetownCredentials.initializer
|
17
12
|
end
|
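Review bot: nothing in the new require list loads `pathname`, yet `initializer.rb` calls `Pathname(...)`, so it works only as long as `bridgetown` or `dry/credentials` happens to load it. Add `require "pathname"` next to the other requires.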
@@ -0,0 +1,12 @@
|
|
1
|
+
require_relative '../../spec_helper'
|
2
|
+
|
3
|
+
describe BridgetownCredentials do
|
4
|
+
describe :initializer do
|
5
|
+
it "sets env, dir and defines credentials on Bridgetown" do
|
6
|
+
BridgetownCredentials.initializer
|
7
|
+
_(Bridgetown).must_respond_to :credentials
|
8
|
+
_(Bridgetown.credentials[:env]).must_equal Bridgetown.env
|
9
|
+
_(Bridgetown.credentials[:dir]).must_equal Bridgetown.configuration.root_dir + '/config/credentials'
|
10
|
+
end
|
11
|
+
end
|
12
|
+
end
|
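Review bot: this spec asserts only that `:env` and `:dir` are set, whereas the specs deleted in this release covered decrypting fixtures and the "fails if no key env var is set" case. Add at least one round trip (create credentials, then query them with the key set) and one missing-key case, so the behaviour the README promises is still under test after the switch to dry-credentials.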
data/spec/spec_helper.rb
CHANGED
@@ -11,23 +11,5 @@ require 'pathname'
|
|
11
11
|
require 'minitest/autorun'
|
12
12
|
require Pathname(__dir__).join('..', 'lib', 'bridgetown_credentials')
|
13
13
|
|
14
|
-
require 'minitest/
|
15
|
-
Minitest::Sound.success = Pathname(__dir__).join('sounds', 'success.mp3').to_s
|
16
|
-
Minitest::Sound.failure = Pathname(__dir__).join('sounds', 'failure.mp3').to_s
|
17
|
-
|
14
|
+
require 'minitest/flash'
|
18
15
|
require 'minitest/focus'
|
19
|
-
class MiniTest::Spec
|
20
|
-
class << self
|
21
|
-
alias_method :context, :describe
|
22
|
-
end
|
23
|
-
end
|
24
|
-
|
25
|
-
def fixtures_path
|
26
|
-
Pathname(__dir__).join('fixtures')
|
27
|
-
end
|
28
|
-
|
29
|
-
KEYS = {
|
30
|
-
unified: '4f9ab3ef4bddd3ad6d01886b6ffff49c',
|
31
|
-
development: 'e4af0afc87c885a430afa3c9691d8bf4',
|
32
|
-
production: '5f1380543df0a4c839324619e0acf0bf'
|
33
|
-
}
|
data.tar.gz.sig
CHANGED
Binary file
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: bridgetown_credentials
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 1.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sven Schwyn
|
@@ -10,26 +10,24 @@ bindir: bin
|
|
10
10
|
cert_chain:
|
11
11
|
- |
|
12
12
|
-----BEGIN CERTIFICATE-----
|
13
|
-
|
14
|
-
|
15
|
-
|
13
|
+
MIIC+jCCAeKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDDBhydWJ5
|
14
|
+
L0RDPWJpdGNldGVyYS9EQz1jb20wHhcNMjMxMTEwMTgyMzM2WhcNMjQxMTA5MTgy
|
15
|
+
MzM2WjAjMSEwHwYDVQQDDBhydWJ5L0RDPWJpdGNldGVyYS9EQz1jb20wggEiMA0G
|
16
16
|
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcLg+IHjXYaUlTSU7R235lQKD8ZhEe
|
17
17
|
KMhoGlSUonZ/zo1OT3KXcqTCP1iMX743xYs6upEGALCWWwq+nxvlDdnWRjF3AAv7
|
18
18
|
ikC+Z2BEowjyeCCT/0gvn4ohKcR0JOzzRaIlFUVInlGSAHx2QHZ2N8ntf54lu7nd
|
19
19
|
L8CiDK8rClsY4JBNGOgH9UC81f+m61UUQuTLxyM2CXfAYkj/sGNTvFRJcNX+nfdC
|
20
20
|
hM9r2kH1+7wsa8yG7wJ2IkrzNACD8v84oE6qVusN8OLEMUI/NaEPVPbw2LUM149H
|
21
21
|
PVa0i729A4IhroNnFNmw4wOC93ARNbM1+LW36PLMmKjKudf5Exg8VmDVAgMBAAGj
|
22
|
-
|
23
|
-
yoX/
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
kAyiRqgxF4dJviwtqI7mZIomWL63+kXLgjOjMe1SHxfIPo/0ji6+r1p4KYa7o41v
|
30
|
-
fwIwU1MKlFBdsjkd
|
22
|
+
OTA3MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBSfK8MtR62mQ6oN
|
23
|
+
yoX/VKJzFjLSVDANBgkqhkiG9w0BAQsFAAOCAQEAXhT/LpMArF3JRcZSRkJDY+dU
|
24
|
+
GKCRqOefi2iydqh1yIqXyTA9PGR1w5O6O+WS1FvF+sHCwh8fFjCuStg2L8V2RSeo
|
25
|
+
aDtfZ5s80sL8wRFxg3kek69cBuI6ozU+rf9DaXlMES4i8+zASsdv9Y4a2BsbhEdE
|
26
|
+
9AtuMcWn5a45TOO0S4Q8OuV0v705V38Ow15J2RDRvkFRySt+//8/Vd57XAJxPXU0
|
27
|
+
k/QvZU05f6HMYBrPogJgIzHC/C5N/yeE4BVEuBDn+10Zb1iu3aDk8sd0uMgukCY8
|
28
|
+
TUmlP5A6NeGdeDJIoLgromAKs+nvI7TWzhQq9ODs51XhxgUFRCvBqUTpjTQigw==
|
31
29
|
-----END CERTIFICATE-----
|
32
|
-
date:
|
30
|
+
date: 2024-03-07 00:00:00.000000000 Z
|
33
31
|
dependencies:
|
34
32
|
- !ruby/object:Gem::Dependency
|
35
33
|
name: bridgetown
|
@@ -37,7 +35,7 @@ dependencies:
|
|
37
35
|
requirements:
|
38
36
|
- - ">="
|
39
37
|
- !ruby/object:Gem::Version
|
40
|
-
version: 1.2.0
|
38
|
+
version: 1.2.0
|
41
39
|
- - "<"
|
42
40
|
- !ruby/object:Gem::Version
|
43
41
|
version: '2.0'
|
@@ -47,24 +45,30 @@ dependencies:
|
|
47
45
|
requirements:
|
48
46
|
- - ">="
|
49
47
|
- !ruby/object:Gem::Version
|
50
|
-
version: 1.2.0
|
48
|
+
version: 1.2.0
|
51
49
|
- - "<"
|
52
50
|
- !ruby/object:Gem::Version
|
53
51
|
version: '2.0'
|
54
52
|
- !ruby/object:Gem::Dependency
|
55
|
-
name:
|
53
|
+
name: dry-credentials
|
56
54
|
requirement: !ruby/object:Gem::Requirement
|
57
55
|
requirements:
|
58
56
|
- - "~>"
|
59
57
|
- !ruby/object:Gem::Version
|
60
|
-
version: '
|
58
|
+
version: '0'
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: 0.2.1
|
61
62
|
type: :runtime
|
62
63
|
prerelease: false
|
63
64
|
version_requirements: !ruby/object:Gem::Requirement
|
64
65
|
requirements:
|
65
66
|
- - "~>"
|
66
67
|
- !ruby/object:Gem::Version
|
67
|
-
version: '
|
68
|
+
version: '0'
|
69
|
+
- - ">="
|
70
|
+
- !ruby/object:Gem::Version
|
71
|
+
version: 0.2.1
|
68
72
|
- !ruby/object:Gem::Dependency
|
69
73
|
name: debug
|
70
74
|
requirement: !ruby/object:Gem::Requirement
|
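Review bot: the `dry-credentials` requirement `~> 0` combined with `>= 0.2.1` accepts every future 0.x release of the library that now performs the encryption and key handling. Pin to the minor series that was tested (for example `~> 0.2`, `>= 0.2.1`) so that a format or API change in a later 0.x release does not reach users through a routine `bundle update`.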
@@ -108,7 +112,7 @@ dependencies:
|
|
108
112
|
- !ruby/object:Gem::Version
|
109
113
|
version: '0'
|
110
114
|
- !ruby/object:Gem::Dependency
|
111
|
-
name: minitest-
|
115
|
+
name: minitest-flash
|
112
116
|
requirement: !ruby/object:Gem::Requirement
|
113
117
|
requirements:
|
114
118
|
- - ">="
|
@@ -196,23 +200,12 @@ files:
|
|
196
200
|
- CHANGELOG.md
|
197
201
|
- LICENSE.txt
|
198
202
|
- README.md
|
199
|
-
- bridgetown.automation.rb
|
200
203
|
- lib/bridgetown_credentials.rb
|
201
|
-
- lib/bridgetown_credentials/bridgetown.rb
|
202
|
-
- lib/bridgetown_credentials/commands.rb
|
203
204
|
- lib/bridgetown_credentials/commands/credentials.rb
|
204
|
-
- lib/bridgetown_credentials/
|
205
|
+
- lib/bridgetown_credentials/initializer.rb
|
205
206
|
- lib/bridgetown_credentials/version.rb
|
206
|
-
- spec/
|
207
|
-
- spec/fixtures/separated/config/credentials/production.yml.enc
|
208
|
-
- spec/fixtures/unified/config/credentials.yml.enc
|
209
|
-
- spec/fixtures/unified/config/credentials/development.yml.enc
|
210
|
-
- spec/fixtures/unified/config/credentials/production.yml.enc
|
211
|
-
- spec/lib/bridgetown_credentials/commands_spec.rb
|
212
|
-
- spec/lib/bridgetown_credentials/credentials_spec.rb
|
207
|
+
- spec/lib/bridgetown_credentials/initializer_spec.rb
|
213
208
|
- spec/lib/bridgetown_credentials/version_spec.rb
|
214
|
-
- spec/sounds/failure.mp3
|
215
|
-
- spec/sounds/success.mp3
|
216
209
|
- spec/spec_helper.rb
|
217
210
|
homepage: https://github.com/svoop/bridgetown_credentials
|
218
211
|
licenses:
|
@@ -223,7 +216,9 @@ metadata:
|
|
223
216
|
source_code_uri: https://github.com/svoop/bridgetown_credentials
|
224
217
|
documentation_uri: https://www.rubydoc.info/gems/bridgetown_credentials
|
225
218
|
bug_tracker_uri: https://github.com/svoop/bridgetown_credentials/issues
|
226
|
-
post_install_message:
|
219
|
+
post_install_message: "⚠️ Breaking change: bridgetown_credentials >= 1.0.0 no longer
|
220
|
+
depends on ActiveSupport. Please read the update section in the README for how to
|
221
|
+
migrate your Bridgetown site. Don't worry, it's a piece of cake!"
|
227
222
|
rdoc_options:
|
228
223
|
- "--title"
|
229
224
|
- Credentials for Bridgetown
|
@@ -245,19 +240,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
245
240
|
- !ruby/object:Gem::Version
|
246
241
|
version: '0'
|
247
242
|
requirements: []
|
248
|
-
rubygems_version: 3.
|
243
|
+
rubygems_version: 3.5.6
|
249
244
|
signing_key:
|
250
245
|
specification_version: 4
|
251
246
|
summary: Rails-like encrypted credentials for Bridgetown
|
252
247
|
test_files:
|
253
|
-
- spec/
|
254
|
-
- spec/fixtures/separated/config/credentials/production.yml.enc
|
255
|
-
- spec/fixtures/unified/config/credentials/development.yml.enc
|
256
|
-
- spec/fixtures/unified/config/credentials/production.yml.enc
|
257
|
-
- spec/fixtures/unified/config/credentials.yml.enc
|
258
|
-
- spec/lib/bridgetown_credentials/commands_spec.rb
|
259
|
-
- spec/lib/bridgetown_credentials/credentials_spec.rb
|
248
|
+
- spec/lib/bridgetown_credentials/initializer_spec.rb
|
260
249
|
- spec/lib/bridgetown_credentials/version_spec.rb
|
261
|
-
- spec/sounds/failure.mp3
|
262
|
-
- spec/sounds/success.mp3
|
263
250
|
- spec/spec_helper.rb
|
metadata.gz.sig
CHANGED
Binary file
|
data/bridgetown.automation.rb
DELETED
@@ -1,14 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module BridgetownCredentials
|
4
|
-
module Bridgetown
|
5
|
-
|
6
|
-
def credentials
|
7
|
-
BridgetownCredentials::Credentials.new(
|
8
|
-
root_dir: ::Bridgetown.configuration.root_dir,
|
9
|
-
env: ::Bridgetown.env
|
10
|
-
).credentials
|
11
|
-
end
|
12
|
-
|
13
|
-
end
|
14
|
-
end
|
@@ -1,24 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module BridgetownCredentials
|
4
|
-
class Commands
|
5
|
-
|
6
|
-
def initialize(root_dir: ::Bridgetown.configuration.root_dir, env: ::Bridgetown.env)
|
7
|
-
@credentials = BridgetownCredentials::Credentials.new(root_dir: root_dir, env: env)
|
8
|
-
end
|
9
|
-
|
10
|
-
def edit
|
11
|
-
tempfile = Tempfile.new('btcs')
|
12
|
-
tempfile.write @credentials.credentials.read
|
13
|
-
tempfile.close
|
14
|
-
system "#{ENV['EDITOR']} #{tempfile.path}"
|
15
|
-
@credentials.credentials.write File.read(tempfile.path)
|
16
|
-
ensure
|
17
|
-
tempfile.unlink
|
18
|
-
end
|
19
|
-
|
20
|
-
def show
|
21
|
-
puts @credentials.credentials.read
|
22
|
-
end
|
23
|
-
end
|
24
|
-
end
|
@@ -1,60 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module BridgetownCredentials
|
4
|
-
class Credentials
|
5
|
-
|
6
|
-
attr_reader :credentials
|
7
|
-
|
8
|
-
def initialize(root_dir:, env:)
|
9
|
-
@config_path = Pathname(root_dir).join('config') # NOTE: config dir is hardcoded as of bridgetown-1.2
|
10
|
-
@env = env
|
11
|
-
@credentials = credentials_path ? load : create
|
12
|
-
end
|
13
|
-
|
14
|
-
private
|
15
|
-
|
16
|
-
def credentials_path
|
17
|
-
[
|
18
|
-
@config_path.join("credentials.yml.enc"),
|
19
|
-
default_credentials_path
|
20
|
-
].find do |path|
|
21
|
-
path.file?
|
22
|
-
end
|
23
|
-
end
|
24
|
-
|
25
|
-
def credentials_env
|
26
|
-
['BRIDGETOWN', credentials_path.basename('.yml.enc'), 'KEY']
|
27
|
-
.join('_')
|
28
|
-
.upcase
|
29
|
-
end
|
30
|
-
|
31
|
-
def default_credentials_path
|
32
|
-
@config_path.join('credentials', "#{@env}.yml.enc")
|
33
|
-
end
|
34
|
-
|
35
|
-
def default_key_path
|
36
|
-
@config_path.join('credentials', "#{@env}.key")
|
37
|
-
end
|
38
|
-
|
39
|
-
def load
|
40
|
-
ActiveSupport::EncryptedConfiguration.new(
|
41
|
-
config_path: credentials_path,
|
42
|
-
env_key: credentials_env,
|
43
|
-
key_path: '---',
|
44
|
-
raise_if_missing_key: true
|
45
|
-
)
|
46
|
-
end
|
47
|
-
|
48
|
-
def create
|
49
|
-
default_key_path.dirname.mkpath
|
50
|
-
default_key_path.write(ActiveSupport::EncryptedConfiguration.generate_key)
|
51
|
-
ActiveSupport::EncryptedConfiguration.new(
|
52
|
-
config_path: default_credentials_path,
|
53
|
-
env_key: '---',
|
54
|
-
key_path: default_key_path,
|
55
|
-
raise_if_missing_key: false
|
56
|
-
)
|
57
|
-
end
|
58
|
-
|
59
|
-
end
|
60
|
-
end
|
@@ -1 +0,0 @@
|
|
1
|
-
9i/EtUJt1efCi00JI8zjhF0NLObmkgZYdz1AybNHLKc4Hr8=--TpvEzWdBo9BDIehP--58KgR6zZPV7ji2Ej4LKwtg==
|
@@ -1 +0,0 @@
|
|
1
|
-
S5RzJRMyPJ+0/yqQnDxSZ3ZZ6TVM21Uzt5rtj+77Tnkd--vny3NxIG5530Q2Cc--vqccEZ/3Jga3Jbc9G1knSA==
|
@@ -1 +0,0 @@
|
|
1
|
-
9i/EtUJt1efCi00JI8zjhF0NLObmkgZYdz1AybNHLKc4Hr8=--TpvEzWdBo9BDIehP--58KgR6zZPV7ji2Ej4LKwtg==
|
@@ -1 +0,0 @@
|
|
1
|
-
S5RzJRMyPJ+0/yqQnDxSZ3ZZ6TVM21Uzt5rtj+77Tnkd--vny3NxIG5530Q2Cc--vqccEZ/3Jga3Jbc9G1knSA==
|
@@ -1 +0,0 @@
|
|
1
|
-
iEiDBqdV97GT29DWsyuuiHSdPDOZjwwat5mn--Kw4OaG2ueY51rkD7--hwUIAa4Llvp2GoUaz+NPww==
|
@@ -1,34 +0,0 @@
|
|
1
|
-
require_relative '../../spec_helper'
|
2
|
-
|
3
|
-
describe BridgetownCredentials::Commands do
|
4
|
-
|
5
|
-
describe :edit do
|
6
|
-
it "generates the necessary files and writes the credentials via EDITOR" do
|
7
|
-
ENV['EDITOR'] = 'echo "foo: bar" >'
|
8
|
-
Dir.mktmpdir do |root_dir|
|
9
|
-
root_dir = Pathname(root_dir)
|
10
|
-
subject = BridgetownCredentials::Commands.new(root_dir: root_dir, env: 'staging')
|
11
|
-
subject.edit
|
12
|
-
ENV['BRIDGETOWN_STAGING_KEY'] = File.read(root_dir.join('config', 'credentials', 'staging.key'))
|
13
|
-
subject = BridgetownCredentials::Commands.new(root_dir: root_dir, env: 'staging')
|
14
|
-
_{ subject.show }.must_output "foo: bar\n"
|
15
|
-
end
|
16
|
-
end
|
17
|
-
end
|
18
|
-
|
19
|
-
describe :show do
|
20
|
-
let :root_dir do
|
21
|
-
fixtures_path.join('separated')
|
22
|
-
end
|
23
|
-
|
24
|
-
subject do
|
25
|
-
ENV['BRIDGETOWN_PRODUCTION_KEY'] = KEYS[:production]
|
26
|
-
BridgetownCredentials::Commands.new(root_dir: root_dir, env: 'production')
|
27
|
-
end
|
28
|
-
|
29
|
-
it "prints the decrypted credentials without leading three dashes line" do
|
30
|
-
_{ subject.show }.must_output "production: PRODUCTION\n"
|
31
|
-
end
|
32
|
-
end
|
33
|
-
|
34
|
-
end
|
@@ -1,83 +0,0 @@
|
|
1
|
-
require_relative '../../spec_helper'
|
2
|
-
|
3
|
-
describe BridgetownCredentials::Credentials do
|
4
|
-
context "unified credentials" do
|
5
|
-
let :root_dir do
|
6
|
-
fixtures_path.join('unified')
|
7
|
-
end
|
8
|
-
|
9
|
-
subject do
|
10
|
-
BridgetownCredentials::Credentials.new(root_dir: root_dir, env: 'development')
|
11
|
-
end
|
12
|
-
|
13
|
-
describe :credentials_path do
|
14
|
-
it "always discovers credentials.yml.enc" do
|
15
|
-
_(subject.send(:credentials_path)).must_equal root_dir.join('config', 'credentials.yml.enc')
|
16
|
-
end
|
17
|
-
end
|
18
|
-
|
19
|
-
describe :credentials_env do
|
20
|
-
it "always returns BRIDGETOWN_CREDENTIALS_KEY" do
|
21
|
-
_(subject.send(:credentials_env)).must_equal 'BRIDGETOWN_CREDENTIALS_KEY'
|
22
|
-
end
|
23
|
-
end
|
24
|
-
|
25
|
-
describe :credentials do
|
26
|
-
it "always decodes credentials.yml.enc" do
|
27
|
-
ENV['BRIDGETOWN_CREDENTIALS_KEY'] = KEYS[:unified]
|
28
|
-
_(subject.credentials).must_be_instance_of ActiveSupport::EncryptedConfiguration
|
29
|
-
end
|
30
|
-
|
31
|
-
it "fails if no key env var is set" do
|
32
|
-
ENV['BRIDGETOWN_CREDENTIALS_KEY'] = nil
|
33
|
-
_{ subject.credentials.config }.must_raise RuntimeError
|
34
|
-
end
|
35
|
-
end
|
36
|
-
end
|
37
|
-
|
38
|
-
context "separated credentials" do
|
39
|
-
let :root_dir do
|
40
|
-
fixtures_path.join('separated')
|
41
|
-
end
|
42
|
-
|
43
|
-
subject do
|
44
|
-
BridgetownCredentials::Credentials.new(root_dir: root_dir, env: 'production')
|
45
|
-
end
|
46
|
-
|
47
|
-
describe :credentials_path do
|
48
|
-
it "discovers .yml.enc for the current environment" do
|
49
|
-
_(subject.send(:credentials_path)).must_equal root_dir.join('config', 'credentials', 'production.yml.enc')
|
50
|
-
end
|
51
|
-
end
|
52
|
-
|
53
|
-
describe :credentials_env do
|
54
|
-
it "returns the env var key for the current environment" do
|
55
|
-
_(subject.send(:credentials_env)).must_equal 'BRIDGETOWN_PRODUCTION_KEY'
|
56
|
-
end
|
57
|
-
end
|
58
|
-
|
59
|
-
describe :credentials do
|
60
|
-
it "decodes .yml.enc for the current environment" do
|
61
|
-
ENV['BRIDGETOWN_PRODUCTION_KEY'] = KEYS[:production]
|
62
|
-
_(subject.credentials).must_be_instance_of ActiveSupport::EncryptedConfiguration
|
63
|
-
end
|
64
|
-
|
65
|
-
it "fails if no key env var is set" do
|
66
|
-
ENV['BRIDGETOWN_PRODUCTION_KEY'] = nil
|
67
|
-
_{ subject.credentials.config }.must_raise RuntimeError
|
68
|
-
end
|
69
|
-
end
|
70
|
-
end
|
71
|
-
|
72
|
-
context "new credentials" do
|
73
|
-
describe :initializer do
|
74
|
-
it "generate a key" do
|
75
|
-
Dir.mktmpdir do |root_dir|
|
76
|
-
root_dir = Pathname(root_dir)
|
77
|
-
BridgetownCredentials::Credentials.new(root_dir: root_dir, env: 'foobar')
|
78
|
-
_(root_dir.join('config', 'credentials', 'foobar.key')).path_must_exist
|
79
|
-
end
|
80
|
-
end
|
81
|
-
end
|
82
|
-
end
|
83
|
-
end
|
data/spec/sounds/failure.mp3
DELETED
Binary file
|
data/spec/sounds/success.mp3
DELETED
Binary file
|