RubyGems - dotenv-secretsmanager - Versions diffs - 0.2.0 → 0.3.0 - Mend

dotenv-secretsmanager 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/README.md +11 -3
data/lib/dotenv/secretsmanager/version.rb +1 -1
data/lib/dotenv/secretsmanager.rb +8 -1
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 62ef3b65d117f00e7c365872b6beb81e8da2bf425169881f4a298fcc388ce644
-  data.tar.gz: f3b4a305fbd391229c9a7ec50cff7478cb61fb3351cd94c28e05b2f2208f2999
+  metadata.gz: 1179b709da58d9aaf2a856a5a1231036f53151846e30a7767cb04944d1ecbbc4
+  data.tar.gz: 439b0ebd08d2a4056ff1cb7d4fdb017fb92f0a9b82f30ae0315452e6b4e52bef
 SHA512:
-  metadata.gz: 6959abb2346741590c566de52e2242b108686e8d33dbee5c1f4995bdcbd55736478cf064f4b647ca315db4d5460b40290d3ebec0e9a94158619148b92469dbf2
-  data.tar.gz: a1762b6689843fba05b3f89effbe0e10b9e53cdfcef62105d8cdb46b90423a55378e9ccacccca0b5b2d37116304223c6d14d7782b3b4eb445a05433480cae2c5
+  metadata.gz: 8e45f5ef7022f70044e3608839c9a518b6269f530206f9e8d2e13f6d7f0a4adf579448733c7bee5120250019fd869aa08ab9a133c7bed24652fb5dd89fb48ddc
+  data.tar.gz: 15f96a1c520ccc704909758ef8c38845000d33b17f246d0f9bb840cd33dc1b2b819bc564bcd436f290ceba18e72914b7bc54c07b8c315066591d16ba6c3d09b3

data/README.md CHANGED Viewed

@@ -63,9 +63,17 @@ makes zero AWS calls and builds no client when no references are present.
 ## Skipping resolution
-Set the `DOTENV_SECRETSMANAGER_SKIP` env var (or `configuration.skip`) to make
-`resolve!` a pure no-op: no AWS calls, no client constructed, and `aws-sm:`
-references left untouched in `ENV`.
+Set the `DOTENV_SECRETSMANAGER_SKIP` env var (or `configuration.skip`) to skip
+resolution: no AWS calls and no client constructed. Instead of resolving them,
+`resolve!` **removes** every `ENV` key whose value is an `aws-sm:` reference, so
+the net effect is as if those references were never in `ENV`.
+This deletion is deliberate: a raw `aws-sm:` value is never valid for any
+consumer, and a *present-but-invalid* secret breaks boot. For example, leaving
+`RAILS_MASTER_KEY="aws-sm:..."` in `ENV` makes Rails credentials decryption fail
+with `ArgumentError: key must be 16 bytes`, whereas an *absent* `RAILS_MASTER_KEY`
+is tolerated. Non-reference inline config (e.g. `DEFAULT_URL_HOST`) is left
+intact — the build still wants those values.
 ```sh
 DOTENV_SECRETSMANAGER_SKIP=true

data/lib/dotenv/secretsmanager/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Dotenv
   module SecretsManager
-    VERSION = "0.2.0"
+    VERSION = "0.3.0"
   end
 end

data/lib/dotenv/secretsmanager.rb CHANGED Viewed

@@ -26,7 +26,14 @@ module Dotenv
       end
       def resolve!(env = ENV)
-        return env if skip?
+        if skip?
+          # Delete reference-holding keys rather than leaving them: a raw
+          # aws-sm: literal is never a valid value for any consumer, and a
+          # present-but-invalid secret (e.g. RAILS_MASTER_KEY) breaks boot.
+          # Non-reference inline config is left intact for the build.
+          env.keys.each { |key| env.delete(key) if Reference.reference?(env[key]) }
+          return env
+        end
         Resolver.new(env: env, config: configuration).resolve!
       end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dotenv-secretsmanager
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - key88sf