bridgetown_credentials 0.2.0 → 1.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c8779dc0cb6b351a39d667b7f7114bb087d9bbadf75511cdfb3ff1288384e76d
-  data.tar.gz: 2e1804b7ad62f4668bcd786a3bbee6bc64cef78c0ce55d76268382f51a481546
+  metadata.gz: a0a7c3406ec0b71f20855c85edf8c0599b32bab8596781934d490c8b96676cb4
+  data.tar.gz: 8b6d6b1aa01fd6c2d6eb3358076f60592fff716f3b6e8d96d9fea7d93cdca2a2
 SHA512:
-  metadata.gz: df801bb953a77b287a1d27cb791911739a4d3f5e95c103752d93b20ae9c87a47d66e47486b28fe518e4b7212411b957e3b59d5d0b4fb3583d9cfe9c836cc30ca
-  data.tar.gz: '078e49dedc4c3fa2d91a31dc8e16be6a244aec28f8c87e204cb4a412bfaba156c9b3eb2b4fbeb551d297d32aacea74c55939830ed45c6c8bd74dc2f7532605f7'
+  metadata.gz: d197d743dea142c2f67940ddce6168e31484df6b9f3bea19863559f1c95ed4cfaf911612331badaaa107087ba879e8eee1a3f225b41564468e47ce442d2dba6d
+  data.tar.gz: 747a691b25168d1eb8ceca15308b0e799904bfda62c63e8175226e5ac164312392b32f7f11ed85e374c702bca794491f22820ae6bdb98ef6d74949e91d89e64a

data/CHANGELOG.md

@@ -2,6 +2,18 @@
 
 Nothing so far
 
+## 1.0.1
+
+#### Changes
+* Update Ruby to 3.4
+
+Nothing so far
+
+## 1.0.0
+
+### Breaking Changes
+* Switch from ActiveSupport to dry-credentials (see README)
+
 ## 0.2.0
 
 ### Breaking Changes

data/README.md

@@ -1,18 +1,20 @@
 [![Version](https://img.shields.io/gem/v/bridgetown_credentials.svg?style=flat)](https://rubygems.org/gems/bridgetown_credentials)
 [![Tests](https://img.shields.io/github/actions/workflow/status/svoop/bridgetown_credentials/test.yml?style=flat&label=tests)](https://github.com/svoop/bridgetown_credentials/actions?workflow=Test)
 [![Code Climate](https://img.shields.io/codeclimate/maintainability/svoop/bridgetown_credentials.svg?style=flat)](https://codeclimate.com/github/svoop/bridgetown_credentials/)
-[![Donorbox](https://img.shields.io/badge/donate-on_donorbox-yellow.svg)](https://donorbox.org/bitcetera)
+[![GitHub Sponsors](https://img.shields.io/github/sponsors/svoop.svg)](https://github.com/sponsors/svoop)
 
 # Credentials for Bridgetown
 
 This plugin adds Rails-like encrypted credentials to Bridgetown.
 
-Credentials like passwords, access tokens and other secrets are often passed to sites each by it's own ENV variable. This is both uncool, non-atomic and therefore unreliable. Use this plugin to store your credentials in encrypted YAML files which you can safely commit to your source code repository. In order to use all of them in Bridgetown, you have to set or pass exactly one ENV variable holding the key to decrypt.
+Credentials like passwords, access tokens and other secrets are often passed to sites each by its own ENV variable. This is both uncool, non-atomic and therefore unreliable. Use this plugin to store your credentials in encrypted YAML files which you can safely commit to your source code repository. In order to use all of them in Bridgetown, you have to set or pass exactly one ENV variable holding the key to decrypt.
 
 * [Homepage](https://github.com/svoop/bridgetown_credentials)
 * [API](https://www.rubydoc.info/gems/bridgetown_credentials)
 * Author: [Sven Schwyn - Bitcetera](https://bitcetera.com)
 
+Thank you for supporting free and open-source software by sponsoring on [GitHub](https://github.com/sponsors/svoop) or on [Donorbox](https://donorbox.com/bitcetera). Any gesture is appreciated, from a single Euro for a ☕️ cup of coffee to 🍹 early retirement.
+
 ## Installation
 
 First add this gem to your bundle:
@@ -34,12 +36,6 @@ Bundler.setup(:default, Bridgetown.env)
 require "bridgetown_credentials"
 ```
 
-For safety, you should exclude key files from the source code repository:
-
-```shell
-bin/bridgetown apply "$(bundle info --path bridgetown_credentials)/bridgetown.automation.rb"
-```
-
 ### Secure Installation
 
 This gem is [cryptographically signed](https://guides.rubygems.org/security/#using-gems) in order to assure it hasn't been tampered with.
@@ -51,6 +47,32 @@ gem cert --add <(curl -Ls https://raw.github.com/svoop/bridgetown_credentials/ma
 bundle install --trust-policy MediumSecurity
 ```
 
+## Update from 0.x.x to 1.x.x
+
+From version 1.0.0 upwards, this gem uses [Dry::Credentials](https://rubygems.org/gems/dry-credentials) instead of ActiveSupport (which is planned to be ditched from Bridgetown at some point in the future). This requires you to take some additional steps:
+
+1. Backup the decrypted credentials for every environment:<br>`bin/bridgetown credentials edit -e ENVIRONMENT`
+2. Delete (or move elsewhere) your old encrypted credentials files:<br>`rm config/credentials/*`
+3. Update this gem to a version >= 1:<br>`bundle update bridgetown_credentials`
+4. Create new encrypted credentials files for every environment:<br>`bin/bridgetown credentials edit -e ENVIRONMENT`
+5. Step 4 prints the new ENV variable which contains the private key required whenever you edit or query credentials. Example: For the development environment, the new ENV variable `DEVELOPMENT_CREDENTIALS_KEY` replaces the old ENV variable `BRIDGETOWN_DEVELOPMENT_KEY`.
+
+Please note that Dry::Credentials does not support unified environments (one `config/credentials.yml.enc` for both development and production) anymore!
+
+Also, nested credentials have to be queried differently now and thus you might have to update your Bridgetown site accordingly. Given the example credentials from the [Usage section](#usage) below:
+
+```ruby
+# Queries on version 0.x.x
+Bridgetown.credentials.foo                            # => "bar"
+Bridgetown.credentials.aws[:access_key_id]            # => "awsXid"
+Bridgetown.credentials.google.dig((:maps, :api_key)   # => "goomXkey"
+
+# Queries on version 1.x.x
+Bridgetown.credentials.foo                            # => "bar"
+Bridgetown.credentials.aws.access_key_id              # => "awsXid"
+Bridgetown.credentials.google.maps.api_key            # => "goomXkey"
+```
+
 ## Usage
 
 ### First Time
@@ -76,18 +98,9 @@ google:
     api_key: goopXkey
 ```
 
-After saving the file, the following new files have been created:
+After saving, the private key required to encrypt/decrypt the credentials is printed this first time only. Make sure you store this information in a safe place, you will need it in the future.
 
-```
-config/
- └─ credentials/
-     ├─ development.key
-     └─ development.yml.enc
-```
-
-⚠️ Move the `*.key` files to a safe place such as a password manager now! Never check them into the source code repository!
-
-The credentials you've edited above have been written to `development.yml.enc` and will be available when Bridgetown is in `development` mode.
+The credentials you've edited above has been written to `config/credentials/development.yml.enc` and will be loaded when Bridgetown is in `development` mode.
 
 To edit the credentials for `production` mode:
 
@@ -95,54 +108,32 @@ To edit the credentials for `production` mode:
 bin/bridgetown credentials edit -e production
 ```
 
-To edit or use a credentials file from now on, you have to set the corresponding key as an ENV variable. The actual key is the content of the `*.key` file you should have tucked away above.
+To edit or query credentials from now on, the corresponding ENV variable with the private key has to be set:
 
 ```shell
-export BRIDGETOWN_DEVELOPMENT_KEY="10aabbccddeeff00112233445566778899"
-export BRIDGETOWN_PRODUCTION_KEY="20aabbccddeeff00112233445566778899"
+export DEVELOPMENT_CREDENTIALS_KEY="4c87...af93"
+export PRODUCTION_CREDENTIALS_KEY="92bb...820f"
 ```
 
-#### Unified Environments
-
-If you prefer not to separate credentials between different environments:
-
-```shell
-rm config/credentials/production.*
-mv config/credentials/development.yml config/credentials.yml
-rmdir config/credentials
-```
+### Edit
 
-This simplifies the files to:
+The command is the same as the first time:
 
 ```
-config/
- └─ credentials.yml.enc
-```
-
-To edit or use this from now on, you have to set:
-
-
-```shell
-export BRIDGETOWN_CREDENTIALS_KEY="30aabbccddeeff00112233445566778899"
+bin/bridgetown credentials edit
+bin/bridgetown credentials edit -e production
 ```
 
-⚠️ If `config/credentials.yml` is present, any other credentials files are ignored.
-
-### Read
+### Query
 
 Throughout the Bridgetown stack, you can now use the credentials as follows:
 
 ```ruby
-Bridgetown.credentials.foo                            # => "bar"
-Bridgetown.credentials.aws[:access_key_id]            # => "awsXid"
-Bridgetown.credentials.google.dig((:maps, :api_key)   # => "goomXkey"
+Bridgetown.credentials.foo                   # => "bar"
+Bridgetown.credentials.aws.access_key_id     # => "awsXid"
+Bridgetown.credentials.google.maps.api_key   # => "goomXkey"
 ```
 
-### Commands
-
-* `bin/bridgetown credentials edit` – edit the credentials
-* `bin/bridgetown credentials show` – dump the decrypted credentials to STDOUT
-
 ## Tests
 
 * `bundle exec rake test` to run the test suite

data/lib/bridgetown_credentials/commands/credentials.rb

@@ -6,22 +6,15 @@ module BridgetownCredentials
   class Commands
     class Credentials < Thor
       Bridgetown::Commands::Registrations.register do
-        desc "credentials <command>", "Work with Rails-like encrypted credentials"
+        desc "credentials <command>", "Work with encrypted credentials"
         subcommand "credentials", Credentials
       end
 
-      desc "edit", "Edit the credentials"
+      desc "edit", "Edit (or create) encrypted credentials"
       option :environment, aliases: '-e'
       def edit
-        ENV['BRIDGETOWN_ENV'] = options['environment'] if options['environment']
-        BridgetownCredentials::Commands.new.edit
-      end
-
-      desc "show", "Dump the decrypted credentials to STDOUT"
-      option :environment, aliases: '-e'
-      def show
-        ENV['BRIDGETOWN_ENV'] = options['environment'] if options['environment']
-        BridgetownCredentials::Commands.new.show
+        BridgetownCredentials.initializer
+        Bridgetown.credentials.edit! options['environment']
       end
     end
   end

data/lib/bridgetown_credentials/initializer.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module BridgetownCredentials
+  class << self
+    def initializer
+      Dry::Credentials::Extension.new.then do |credentials|
+        credentials[:env] = Bridgetown.env
+        credentials[:dir] = "#{Bridgetown.configuration.root_dir}/config/credentials"
+        Pathname(credentials[:dir]).mkpath
+        credentials.load!
+        Bridgetown.define_singleton_method(:credentials) { credentials }
+      end
+    end
+  end
+end

data/lib/bridgetown_credentials/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module BridgetownCredentials
-  VERSION = "0.2.0"
+  VERSION = "1.0.1"
 end

data/lib/bridgetown_credentials.rb

@@ -1,17 +1,12 @@
 # frozen_string_literal: true
 
+require "dry/credentials"
 require "bridgetown"
 
-require 'tempfile'
-require 'yaml'
-require "active_support/encrypted_configuration"
-
 require_relative "bridgetown_credentials/version"
-require_relative "bridgetown_credentials/credentials"
-require_relative "bridgetown_credentials/commands"
+require_relative "bridgetown_credentials/initializer"
 require_relative "bridgetown_credentials/commands/credentials"
-require_relative "bridgetown_credentials/bridgetown"
 
 Bridgetown.initializer :bridgetown_credentials do
-  Bridgetown.extend BridgetownCredentials::Bridgetown
+  BridgetownCredentials.initializer
 end

data/spec/lib/bridgetown_credentials/initializer_spec.rb

@@ -0,0 +1,12 @@
+require_relative '../../spec_helper'
+
+describe BridgetownCredentials do
+  describe :initializer do
+    it "sets env, dir and defines credentials on Bridgetown" do
+      BridgetownCredentials.initializer
+      _(Bridgetown).must_respond_to :credentials
+      _(Bridgetown.credentials[:env]).must_equal Bridgetown.env
+      _(Bridgetown.credentials[:dir]).must_equal Bridgetown.configuration.root_dir + '/config/credentials'
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -11,23 +11,5 @@ require 'pathname'
 require 'minitest/autorun'
 require Pathname(__dir__).join('..', 'lib', 'bridgetown_credentials')
 
-require 'minitest/sound'
-Minitest::Sound.success = Pathname(__dir__).join('sounds', 'success.mp3').to_s
-Minitest::Sound.failure = Pathname(__dir__).join('sounds', 'failure.mp3').to_s
-
+require 'minitest/flash'
 require 'minitest/focus'
-class MiniTest::Spec
-  class << self
-    alias_method :context, :describe
-  end
-end
-
-def fixtures_path
-  Pathname(__dir__).join('fixtures')
-end
-
-KEYS = {
-  unified: '4f9ab3ef4bddd3ad6d01886b6ffff49c',
-  development: 'e4af0afc87c885a430afa3c9691d8bf4',
-  production: '5f1380543df0a4c839324619e0acf0bf'
-}

metadata

@@ -1,18 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: bridgetown_credentials
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Sven Schwyn
-autorequire:
 bindir: bin
 cert_chain:
 - |
   -----BEGIN CERTIFICATE-----
   MIIDODCCAiCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDDBhydWJ5
-  L0RDPWJpdGNldGVyYS9EQz1jb20wHhcNMjIxMTA2MTIzNjUwWhcNMjMxMTA2MTIz
-  NjUwWjAjMSEwHwYDVQQDDBhydWJ5L0RDPWJpdGNldGVyYS9EQz1jb20wggEiMA0G
+  L0RDPWJpdGNldGVyYS9EQz1jb20wHhcNMjQxMTIwMjExMDIwWhcNMjUxMTIwMjEx
+  MDIwWjAjMSEwHwYDVQQDDBhydWJ5L0RDPWJpdGNldGVyYS9EQz1jb20wggEiMA0G
   CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcLg+IHjXYaUlTSU7R235lQKD8ZhEe
   KMhoGlSUonZ/zo1OT3KXcqTCP1iMX743xYs6upEGALCWWwq+nxvlDdnWRjF3AAv7
   ikC+Z2BEowjyeCCT/0gvn4ohKcR0JOzzRaIlFUVInlGSAHx2QHZ2N8ntf54lu7nd
@@ -21,15 +20,15 @@ cert_chain:
   PVa0i729A4IhroNnFNmw4wOC93ARNbM1+LW36PLMmKjKudf5Exg8VmDVAgMBAAGj
   dzB1MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBSfK8MtR62mQ6oN
   yoX/VKJzFjLSVDAdBgNVHREEFjAUgRJydWJ5QGJpdGNldGVyYS5jb20wHQYDVR0S
-  BBYwFIEScnVieUBiaXRjZXRlcmEuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAYG2na
-  ye8OE2DANQIFM/xDos/E4DaPWCJjX5xvFKNKHMCeQYPeZvLICCwyw2paE7Otwk6p
-  uvbg2Ks5ykXsbk5i6vxDoeeOLvmxCqI6m+tHb8v7VZtmwRJm8so0eSX0WvTaKnIf
-  CAn1bVUggczVdNoBXw9WAILKyw9bvh3Ft740XZrR74sd+m2pGwjCaM8hzLvrVbGP
-  DyYhlBeRWyQKQ0WDIsiTSRhzK8HwSTUWjvPwx7SEdIU/HZgyrk0ETObKPakVu6bH
-  kAyiRqgxF4dJviwtqI7mZIomWL63+kXLgjOjMe1SHxfIPo/0ji6+r1p4KYa7o41v
-  fwIwU1MKlFBdsjkd
+  BBYwFIEScnVieUBiaXRjZXRlcmEuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQDSeB1x
+  8QK8F/ML37isgvwGiQxovDUqu6Sq14cQ1qE9y5prUBmL2AsDuCBpXXctcvamFqNC
+  PgfJtj7ZZcXmY0SfKCog7T1btkr6zYxPXpxwUqB45n0I6v5qc0UCNvMEfBzxlak5
+  VW7UMNlKD9qukeN55hxuLF2F/sLldMcHUo/ATgdV4zk1t3sK6A9+02wz5K5qfWdM
+  Mi+XWXmGd57uojk3RcIXNwBRRP4DTKcKgVXhuyHb7q1vjTXrS6bw1Ortu0KmWOIk
+  jTyRsT1gymASS2KHe+BaCTwD74GqO8q4woYLZgXnJ/PvgcFgY2FEi2Kn/sXLp4JE
+  boIgxQCMT+nxBHCD
   -----END CERTIFICATE-----
-date: 2023-01-26 00:00:00.000000000 Z
+date: 2024-12-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bridgetown
@@ -52,19 +51,25 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: activesupport
+  name: dry-credentials
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '7'
+        version: '0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.2.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '7'
+        version: '0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.2.1
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -108,7 +113,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: minitest-sound
+  name: minitest-flash
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -196,23 +201,12 @@ files:
 - CHANGELOG.md
 - LICENSE.txt
 - README.md
-- bridgetown.automation.rb
 - lib/bridgetown_credentials.rb
-- lib/bridgetown_credentials/bridgetown.rb
-- lib/bridgetown_credentials/commands.rb
 - lib/bridgetown_credentials/commands/credentials.rb
-- lib/bridgetown_credentials/credentials.rb
+- lib/bridgetown_credentials/initializer.rb
 - lib/bridgetown_credentials/version.rb
-- spec/fixtures/separated/config/credentials/development.yml.enc
-- spec/fixtures/separated/config/credentials/production.yml.enc
-- spec/fixtures/unified/config/credentials.yml.enc
-- spec/fixtures/unified/config/credentials/development.yml.enc
-- spec/fixtures/unified/config/credentials/production.yml.enc
-- spec/lib/bridgetown_credentials/commands_spec.rb
-- spec/lib/bridgetown_credentials/credentials_spec.rb
+- spec/lib/bridgetown_credentials/initializer_spec.rb
 - spec/lib/bridgetown_credentials/version_spec.rb
-- spec/sounds/failure.mp3
-- spec/sounds/success.mp3
 - spec/spec_helper.rb
 homepage: https://github.com/svoop/bridgetown_credentials
 licenses:
@@ -223,7 +217,9 @@ metadata:
   source_code_uri: https://github.com/svoop/bridgetown_credentials
   documentation_uri: https://www.rubydoc.info/gems/bridgetown_credentials
   bug_tracker_uri: https://github.com/svoop/bridgetown_credentials/issues
-post_install_message:
+post_install_message: "⚠️ Breaking change: bridgetown_credentials >= 1.0.0 no longer
+  depends on ActiveSupport. Please read the update section in the README for how to
+  migrate your Bridgetown site. Don't worry, it's a piece of cake!"
 rdoc_options:
 - "--title"
 - Credentials for Bridgetown
@@ -245,19 +241,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.5
-signing_key:
+rubygems_version: 3.6.2
 specification_version: 4
 summary: Rails-like encrypted credentials for Bridgetown
 test_files:
-- spec/fixtures/separated/config/credentials/development.yml.enc
-- spec/fixtures/separated/config/credentials/production.yml.enc
-- spec/fixtures/unified/config/credentials/development.yml.enc
-- spec/fixtures/unified/config/credentials/production.yml.enc
-- spec/fixtures/unified/config/credentials.yml.enc
-- spec/lib/bridgetown_credentials/commands_spec.rb
-- spec/lib/bridgetown_credentials/credentials_spec.rb
+- spec/lib/bridgetown_credentials/initializer_spec.rb
 - spec/lib/bridgetown_credentials/version_spec.rb
-- spec/sounds/failure.mp3
-- spec/sounds/success.mp3
 - spec/spec_helper.rb

data/bridgetown.automation.rb

@@ -1,7 +0,0 @@
-# Make sure key files are not committed to the source code repository
-append_to_file ".gitignore" do
-  <<~END
-    config/credentials.key
-    config/credentials/*.key
-  END
-end

data/lib/bridgetown_credentials/bridgetown.rb

@@ -1,14 +0,0 @@
-# frozen_string_literal: true
-
-module BridgetownCredentials
-  module Bridgetown
-
-    def credentials
-      BridgetownCredentials::Credentials.new(
-        root_dir: ::Bridgetown.configuration.root_dir,
-        env: ::Bridgetown.env
-      ).credentials
-    end
-
-  end
-end

data/lib/bridgetown_credentials/commands.rb

@@ -1,24 +0,0 @@
-# frozen_string_literal: true
-
-module BridgetownCredentials
-  class Commands
-
-    def initialize(root_dir: ::Bridgetown.configuration.root_dir, env: ::Bridgetown.env)
-      @credentials = BridgetownCredentials::Credentials.new(root_dir: root_dir, env: env)
-    end
-
-    def edit
-      tempfile = Tempfile.new('btcs')
-      tempfile.write @credentials.credentials.read
-      tempfile.close
-      system "#{ENV['EDITOR']} #{tempfile.path}"
-      @credentials.credentials.write File.read(tempfile.path)
-    ensure
-      tempfile.unlink
-    end
-
-    def show
-      puts @credentials.credentials.read
-    end
-  end
-end

data/lib/bridgetown_credentials/credentials.rb

@@ -1,60 +0,0 @@
-# frozen_string_literal: true
-
-module BridgetownCredentials
-  class Credentials
-
-    attr_reader :credentials
-
-    def initialize(root_dir:, env:)
-      @config_path = Pathname(root_dir).join('config')   # NOTE: config dir is hardcoded as of bridgetown-1.2
-      @env = env
-      @credentials = credentials_path ? load : create
-    end
-
-    private
-
-    def credentials_path
-      [
-        @config_path.join("credentials.yml.enc"),
-        default_credentials_path
-      ].find do |path|
-        path.file?
-      end
-    end
-
-    def credentials_env
-      ['BRIDGETOWN', credentials_path.basename('.yml.enc'), 'KEY']
-        .join('_')
-        .upcase
-    end
-
-    def default_credentials_path
-      @config_path.join('credentials', "#{@env}.yml.enc")
-    end
-
-    def default_key_path
-      @config_path.join('credentials', "#{@env}.key")
-    end
-
-    def load
-      ActiveSupport::EncryptedConfiguration.new(
-        config_path: credentials_path,
-        env_key: credentials_env,
-        key_path: '---',
-        raise_if_missing_key: true
-      )
-    end
-
-    def create
-      default_key_path.dirname.mkpath
-      default_key_path.write(ActiveSupport::EncryptedConfiguration.generate_key)
-      ActiveSupport::EncryptedConfiguration.new(
-        config_path: default_credentials_path,
-        env_key: '---',
-        key_path: default_key_path,
-        raise_if_missing_key: false
-      )
-    end
-
-  end
-end

data/spec/fixtures/separated/config/credentials/development.yml.enc

@@ -1 +0,0 @@
-9i/EtUJt1efCi00JI8zjhF0NLObmkgZYdz1AybNHLKc4Hr8=--TpvEzWdBo9BDIehP--58KgR6zZPV7ji2Ej4LKwtg==

data/spec/fixtures/separated/config/credentials/production.yml.enc

@@ -1 +0,0 @@
-S5RzJRMyPJ+0/yqQnDxSZ3ZZ6TVM21Uzt5rtj+77Tnkd--vny3NxIG5530Q2Cc--vqccEZ/3Jga3Jbc9G1knSA==

data/spec/fixtures/unified/config/credentials/development.yml.enc

@@ -1 +0,0 @@
-9i/EtUJt1efCi00JI8zjhF0NLObmkgZYdz1AybNHLKc4Hr8=--TpvEzWdBo9BDIehP--58KgR6zZPV7ji2Ej4LKwtg==

data/spec/fixtures/unified/config/credentials/production.yml.enc

@@ -1 +0,0 @@
-S5RzJRMyPJ+0/yqQnDxSZ3ZZ6TVM21Uzt5rtj+77Tnkd--vny3NxIG5530Q2Cc--vqccEZ/3Jga3Jbc9G1knSA==

data/spec/fixtures/unified/config/credentials.yml.enc

@@ -1 +0,0 @@
-iEiDBqdV97GT29DWsyuuiHSdPDOZjwwat5mn--Kw4OaG2ueY51rkD7--hwUIAa4Llvp2GoUaz+NPww==

data/spec/lib/bridgetown_credentials/commands_spec.rb

@@ -1,34 +0,0 @@
-require_relative '../../spec_helper'
-
-describe BridgetownCredentials::Commands do
-
-  describe :edit do
-    it "generates the necessary files and writes the credentials via EDITOR" do
-      ENV['EDITOR'] = 'echo "foo: bar" >'
-      Dir.mktmpdir do |root_dir|
-        root_dir = Pathname(root_dir)
-        subject = BridgetownCredentials::Commands.new(root_dir: root_dir, env: 'staging')
-        subject.edit
-        ENV['BRIDGETOWN_STAGING_KEY'] = File.read(root_dir.join('config', 'credentials', 'staging.key'))
-        subject = BridgetownCredentials::Commands.new(root_dir: root_dir, env: 'staging')
-        _{ subject.show }.must_output "foo: bar\n"
-      end
-    end
-  end
-
-  describe :show do
-    let :root_dir do
-      fixtures_path.join('separated')
-    end
-
-    subject do
-      ENV['BRIDGETOWN_PRODUCTION_KEY'] = KEYS[:production]
-      BridgetownCredentials::Commands.new(root_dir: root_dir, env: 'production')
-    end
-
-    it "prints the decrypted credentials without leading three dashes line" do
-      _{ subject.show }.must_output "production: PRODUCTION\n"
-    end
-  end
-
-end

data/spec/lib/bridgetown_credentials/credentials_spec.rb

@@ -1,83 +0,0 @@
-require_relative '../../spec_helper'
-
-describe BridgetownCredentials::Credentials do
-  context "unified credentials" do
-    let :root_dir do
-      fixtures_path.join('unified')
-    end
-
-    subject do
-      BridgetownCredentials::Credentials.new(root_dir: root_dir, env: 'development')
-    end
-
-    describe :credentials_path do
-      it "always discovers credentials.yml.enc" do
-        _(subject.send(:credentials_path)).must_equal root_dir.join('config', 'credentials.yml.enc')
-      end
-    end
-
-    describe :credentials_env do
-      it "always returns BRIDGETOWN_CREDENTIALS_KEY" do
-        _(subject.send(:credentials_env)).must_equal 'BRIDGETOWN_CREDENTIALS_KEY'
-      end
-    end
-
-    describe :credentials do
-      it "always decodes credentials.yml.enc" do
-        ENV['BRIDGETOWN_CREDENTIALS_KEY'] = KEYS[:unified]
-        _(subject.credentials).must_be_instance_of ActiveSupport::EncryptedConfiguration
-      end
-
-      it "fails if no key env var is set" do
-        ENV['BRIDGETOWN_CREDENTIALS_KEY'] = nil
-        _{ subject.credentials.config }.must_raise RuntimeError
-      end
-    end
-  end
-
-  context "separated credentials" do
-    let :root_dir do
-      fixtures_path.join('separated')
-    end
-
-    subject do
-      BridgetownCredentials::Credentials.new(root_dir: root_dir, env: 'production')
-    end
-
-    describe :credentials_path do
-      it "discovers .yml.enc for the current environment" do
-        _(subject.send(:credentials_path)).must_equal root_dir.join('config', 'credentials', 'production.yml.enc')
-      end
-    end
-
-    describe :credentials_env do
-      it "returns the env var key for the current environment" do
-        _(subject.send(:credentials_env)).must_equal 'BRIDGETOWN_PRODUCTION_KEY'
-      end
-    end
-
-    describe :credentials do
-      it "decodes .yml.enc for the current environment" do
-        ENV['BRIDGETOWN_PRODUCTION_KEY'] = KEYS[:production]
-        _(subject.credentials).must_be_instance_of ActiveSupport::EncryptedConfiguration
-      end
-
-      it "fails if no key env var is set" do
-        ENV['BRIDGETOWN_PRODUCTION_KEY'] = nil
-        _{ subject.credentials.config }.must_raise RuntimeError
-      end
-    end
-  end
-
-  context "new credentials" do
-    describe :initializer do
-      it "generate a key" do
-        Dir.mktmpdir do |root_dir|
-          root_dir = Pathname(root_dir)
-          BridgetownCredentials::Credentials.new(root_dir: root_dir, env: 'foobar')
-          _(root_dir.join('config', 'credentials', 'foobar.key')).path_must_exist
-        end
-      end
-    end
-  end
-end