dotenv-vault-rails 0.10.0 → 0.10.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4f612aee9f093299bc8f9ffc6d62927f5a90146982add8cf9c5efd9f58c16f13
4
- data.tar.gz: 06ccf7aa83cd740991576ff3c2a0bdacf1668b3a706feb2014b8d7a59c91208e
3
+ metadata.gz: 3c427666c300e27340a880bc3887b0d4685091edb6cbf6132071cbcf1ea8949f
4
+ data.tar.gz: b89a020c71593919e103f37a0e53ab16842bf8355566a68f456b7816369f1dc9
5
5
  SHA512:
6
- metadata.gz: 9680ab3bb4852d5ac11107c19c90b5ff05b7c5c7218c04134c3005fd4de8421ca4b0b5ef84b348c041749892be1cbc1750bde365bf78034cfef0be907b4c009c
7
- data.tar.gz: cdf203edcce1452dc5d4666849de31cfb35621cc167d1a7d70e86c083be987119f8f06c65ebac4e10f54e791f0bf15015b345013fe85a65e54a2b2de96c580cd
6
+ metadata.gz: 378b6eb7c0b3f9276cb34a286da3d5a178cb5e2120b98eefddbbb40dd64b381d346bec57ae9a238a08124b4631004e9f9842217180f3c04ed46199a834fa2ce0
7
+ data.tar.gz: c393277233b3e191d654f4390e0796aa1d2431d72b44919380fac590bd6de52c7148790bf5aaba85adbc18864e257052adf7443fc51bc5df6bb423c62d15d777
data/CHANGELOG.md CHANGED
@@ -2,7 +2,13 @@
2
2
 
3
3
  All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
4
4
 
5
- ## [Unreleased](https://github.com/dotenv-org/dotenv-vault-ruby/compare/v0.9.0...master)
5
+ ## [Unreleased](https://github.com/dotenv-org/dotenv-vault-ruby/compare/v0.10.1...master)
6
+
7
+ ## 0.10.1
8
+
9
+ ### Changed
10
+
11
+ - Modify the log message to `Loading env from encrypted .env.vault`.
6
12
 
7
13
  ## 0.10.0
8
14
 
data/Gemfile.lock CHANGED
@@ -1,68 +1,70 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- dotenv-vault (0.10.0)
4
+ dotenv-vault (0.10.1)
5
5
  dotenv
6
6
  lockbox
7
- dotenv-vault-rails (0.10.0)
7
+ dotenv-vault-rails (0.10.1)
8
8
  dotenv-rails
9
- dotenv-vault (= 0.10.0)
9
+ dotenv-vault (= 0.10.1)
10
10
 
11
11
  GEM
12
12
  remote: https://rubygems.org/
13
13
  specs:
14
- actionpack (7.0.4)
15
- actionview (= 7.0.4)
16
- activesupport (= 7.0.4)
17
- rack (~> 2.0, >= 2.2.0)
14
+ actionpack (7.0.6)
15
+ actionview (= 7.0.6)
16
+ activesupport (= 7.0.6)
17
+ rack (~> 2.0, >= 2.2.4)
18
18
  rack-test (>= 0.6.3)
19
19
  rails-dom-testing (~> 2.0)
20
20
  rails-html-sanitizer (~> 1.0, >= 1.2.0)
21
- actionview (7.0.4)
22
- activesupport (= 7.0.4)
21
+ actionview (7.0.6)
22
+ activesupport (= 7.0.6)
23
23
  builder (~> 3.1)
24
24
  erubi (~> 1.4)
25
25
  rails-dom-testing (~> 2.0)
26
26
  rails-html-sanitizer (~> 1.1, >= 1.2.0)
27
- activesupport (7.0.4)
27
+ activesupport (7.0.6)
28
28
  concurrent-ruby (~> 1.0, >= 1.0.2)
29
29
  i18n (>= 1.6, < 2)
30
30
  minitest (>= 5.1)
31
31
  tzinfo (~> 2.0)
32
32
  builder (3.2.4)
33
33
  byebug (11.1.3)
34
- concurrent-ruby (1.1.10)
34
+ concurrent-ruby (1.2.2)
35
35
  crass (1.0.6)
36
36
  diff-lcs (1.5.0)
37
37
  dotenv (2.8.1)
38
38
  dotenv-rails (2.8.1)
39
39
  dotenv (= 2.8.1)
40
40
  railties (>= 3.2)
41
- erubi (1.11.0)
42
- i18n (1.12.0)
41
+ erubi (1.12.0)
42
+ i18n (1.14.1)
43
43
  concurrent-ruby (~> 1.0)
44
- lockbox (1.1.0)
45
- loofah (2.19.0)
44
+ lockbox (1.3.0)
45
+ loofah (2.21.3)
46
46
  crass (~> 1.0.2)
47
- nokogiri (>= 1.5.9)
47
+ nokogiri (>= 1.12.0)
48
48
  method_source (1.0.0)
49
- mini_portile2 (2.8.0)
50
- minitest (5.16.3)
51
- nokogiri (1.13.9)
52
- mini_portile2 (~> 2.8.0)
49
+ mini_portile2 (2.8.4)
50
+ minitest (5.19.0)
51
+ nokogiri (1.15.3)
52
+ mini_portile2 (~> 2.8.2)
53
53
  racc (~> 1.4)
54
- racc (1.6.0)
55
- rack (2.2.4)
56
- rack-test (2.0.2)
54
+ racc (1.7.1)
55
+ rack (2.2.7)
56
+ rack-test (2.1.0)
57
57
  rack (>= 1.3)
58
- rails-dom-testing (2.0.3)
59
- activesupport (>= 4.2.0)
58
+ rails-dom-testing (2.1.1)
59
+ activesupport (>= 5.0.0)
60
+ minitest
60
61
  nokogiri (>= 1.6)
61
- rails-html-sanitizer (1.4.3)
62
- loofah (~> 2.3)
63
- railties (7.0.4)
64
- actionpack (= 7.0.4)
65
- activesupport (= 7.0.4)
62
+ rails-html-sanitizer (1.6.0)
63
+ loofah (~> 2.21)
64
+ nokogiri (~> 1.14)
65
+ railties (7.0.6)
66
+ actionpack (= 7.0.6)
67
+ activesupport (= 7.0.6)
66
68
  method_source
67
69
  rake (>= 12.2)
68
70
  thor (~> 1.0)
@@ -82,10 +84,10 @@ GEM
82
84
  rspec-support (~> 3.11.0)
83
85
  rspec-support (3.11.0)
84
86
  spring (4.0.0)
85
- thor (1.2.1)
86
- tzinfo (2.0.5)
87
+ thor (1.2.2)
88
+ tzinfo (2.0.6)
87
89
  concurrent-ruby (~> 1.0)
88
- zeitwerk (2.6.1)
90
+ zeitwerk (2.6.9)
89
91
 
90
92
  PLATFORMS
91
93
  ruby
data/README.md CHANGED
@@ -2,18 +2,25 @@
2
2
 
3
3
  <img src="https://raw.githubusercontent.com/motdotla/dotenv/master/dotenv.svg" alt="dotenv-vault" align="right" width="200" />
4
4
 
5
- Extends the proven & trusted foundation of [dotenv](https://github.com/bkeepers/dotenv), with a `.env.vault` file.
5
+ Extends the proven & trusted foundation of [dotenv](https://github.com/bkeepers/dotenv), with `.env.vault` file support.
6
6
 
7
- The extended standard lets you sync your `.env` files quickly & securely. Stop sharing them over insecure channels like Slack and email, and never lose an important `.env` file again.
7
+ The extended standard lets you load encrypted secrets from your `.env.vault` file in production (and other) environments. Brought to you by the same people that pioneered [dotenv-nodejs](https://github.com/motdotla/dotenv).
8
8
 
9
- ## Installation
9
+ * [🌱 Install](#-install)
10
+ * [🏗️ Usage (.env)](#%EF%B8%8F-usage)
11
+ * [🚀 Deploying (.env.vault) 🆕](#-deploying)
12
+ * [🌴 Multiple Environments](#-manage-multiple-environments)
13
+ * [❓ FAQ](#-faq)
14
+ * [⏱️ Changelog](./CHANGELOG.md)
15
+
16
+ ## 🌱 Install
10
17
 
11
18
  ### Rails
12
19
 
13
20
  Add this line to the top of your application's Gemfile:
14
21
 
15
22
  ```ruby
16
- gem 'dotenv-vault-rails'
23
+ gem "dotenv-vault-rails", require: "dotenv-vault/rails-now"
17
24
  ```
18
25
 
19
26
  And then execute:
@@ -33,18 +40,16 @@ $ gem install dotenv-vault
33
40
  As early as possible in your application bootstrap process, load `.env`:
34
41
 
35
42
  ```ruby
36
- require 'dotenv-vault/load'
43
+ require "dotenv-vault/load"
37
44
 
38
45
  # or
39
- require 'dotenv-vault'
46
+ require "dotenv-vault"
40
47
  DotenvVault.load
41
48
  ```
42
49
 
43
- ## Usage
44
-
45
- ### `.env`
50
+ ## 🏗️ Usage
46
51
 
47
- Basic usage works just like [dotenv](https://github.com/bkeepers/dotenv).
52
+ Development usage works just like [dotenv](https://github.com/bkeepers/dotenv).
48
53
 
49
54
  Add your application configuration to your `.env` file in the root of your project:
50
55
 
@@ -56,99 +61,55 @@ SECRET_KEY=YOURSECRETKEYGOESHERE
56
61
  When your application loads, these variables will be available in `ENV`:
57
62
 
58
63
  ```ruby
59
- config.fog_directory = ENV['S3_BUCKET']
64
+ config.fog_directory = ENV["S3_BUCKET"]
60
65
  ```
61
66
 
62
- ### `.env.vault`
67
+ ## 🚀 Deploying
63
68
 
64
- The `.env.vault` extends `.env`. It facilitates syncing your `.env` file across machines, team members, and environments.
69
+ Encrypt your `.env.vault` file.
65
70
 
66
- Usage is similar to git. In the same directory as your `.env` file, run the command:
67
-
68
- ```shell
69
- $ npx dotenv-vault new
71
+ ```bash
72
+ $ npx dotenv-vault build
70
73
  ```
71
74
 
72
- Follow those instructions and then run:
75
+ Fetch your production `DOTENV_KEY`.
73
76
 
74
- ```shell
75
- $ npx dotenv-vault login
77
+ ```bash
78
+ $ npx dotenv-vault keys production
76
79
  ```
77
80
 
78
- Then run push and pull:
81
+ Set `DOTENV_KEY` on your server.
79
82
 
80
- ```shell
81
- $ npx dotenv-vault push
82
- $ npx dotenv-vault pull
83
+ ```bash
84
+ # heroku example
85
+ heroku config:set DOTENV_KEY=dotenv://:key_1234…@dotenv.org/vault/.env.vault?environment=production
83
86
  ```
84
87
 
85
- That's it!
88
+ That's it! On deploy, your `.env.vault` file will be decrypted and its secrets injected as environment variables – just in time.
86
89
 
87
- You just synced your `.env` file. Commit your `.env.vault` file to code, and tell your teammates to run `npx dotenv-vault pull`.
90
+ *ℹ️ A note from [Mot](https://github.com/motdotla): Until recently, we did not have an opinion on how and where to store your secrets in production. We now strongly recommend generating a `.env.vault` file. It's the best way to prevent your secrets from being scattered across multiple servers and cloud providers protecting you from breaches like the [CircleCI breach](https://techcrunch.com/2023/01/05/circleci-breach/). Also it unlocks interoperability WITHOUT native third-party integrations. Third-party integrations are [increasingly risky](https://coderpad.io/blog/development/heroku-github-breach/) to our industry. They may be the 'du jour' of today, but we imagine a better future.*
88
91
 
89
- [Learn more](https://www.dotenv.org/docs/tutorials/sync)
92
+ <a href="https://github.com/dotenv-org/dotenv-vault#dotenv-vault-">Learn more at dotenv-vault: Deploying</a>
90
93
 
91
- ## Multiple Environments
94
+ ## 🌴 Manage Multiple Environments
92
95
 
93
- Run the command:
96
+ Edit your production environment variables.
94
97
 
95
- ```shell
98
+ ```bash
96
99
  $ npx dotenv-vault open production
97
100
  ```
98
101
 
99
- It will open up an interface to manage your production environment variables.
102
+ Regenerate your `.env.vault` file.
100
103
 
101
- [Learn more](https://www.dotenv.org/docs/tutorials/environments)
102
-
103
- ## Integrate Anywhere™
104
-
105
- Build your encrypted `.env.vault`:
106
-
107
- ```shell
104
+ ```bash
108
105
  $ npx dotenv-vault build
109
106
  ```
110
107
 
111
- Safely commit and push your changes:
108
+ *ℹ️ 🔐 Vault Managed vs 💻 Locally Managed: The above example, for brevity's sake, used the 🔐 Vault Managed solution to manage your `.env.vault` file. You can instead use the 💻 Locally Managed solution. [Read more here](https://github.com/dotenv-org/dotenv-vault#how-do-i-use--locally-managed-dotenv-vault). Our vision is that other platforms and orchestration tools adopt the `.env.vault` standard as they did the `.env` standard. We don't expect to be the only ones providing tooling to manage and generate `.env.vault` files.*
112
109
 
113
- ```shell
114
- $ git commit -am "Updated .env.vault"
115
- $ git push
116
- ```
110
+ <a href="https://github.com/dotenv-org/dotenv-vault#-manage-multiple-environments">Learn more at dotenv-vault: Manage Multiple Environments</a>
117
111
 
118
- Obtain your `DOTENV_KEY`:
119
-
120
- ```shell
121
- $ npx dotenv-vault keys
122
- ```
123
-
124
- Set `DOTENV_KEY` on your infrastructure. For example, on Heroku:
125
-
126
- ```shell
127
- $ heroku config:set DOTENV_KEY="dotenv://:key_1234@dotenv.org/vault/.env.vault?environment=production"
128
- ```
129
-
130
- All set! When your app boots, it will recognize a `DOTENV_KEY` is set, decrypt the `.env.vault` file, and load the variables to `ENV`.
131
-
132
- Made a change to your production envs? Run `npx dotenv-vault build`, commit that safely to code, and deploy. It's simple and safe like that.
133
-
134
- [Learn more](https://www.dotenv.org/docs/tutorials/integrations)
135
-
136
- ## Dotenv.org
137
-
138
- You need a [Dotenv Account](https://dotenv.org) to use Dotenv Vault. It is free to use with premium features.
139
-
140
- ![](https://api.checklyhq.com/v1/badges/checks/c2fee99a-38e7-414e-89b8-9766ceeb1927?style=flat&theme=dark&responseTime=true)
141
- ![](https://api.checklyhq.com/v1/badges/checks/4f557967-1ed1-486a-b762-39a63781d752?style=flat&theme=dark&responseTime=true)
142
- <br>
143
- ![](https://api.checklyhq.com/v1/badges/checks/804eb6fa-6599-4688-a649-7ff3c39a64b9?style=flat&theme=dark&responseTime=true)
144
- ![](https://api.checklyhq.com/v1/badges/checks/6a94504e-e936-4f07-bc0b-e08fee2734b3?style=flat&theme=dark&responseTime=true)
145
- <br>
146
- ![](https://api.checklyhq.com/v1/badges/checks/06ac4f4e-3e0e-4501-9987-580b4d2a6b06?style=flat&theme=dark&responseTime=true)
147
- ![](https://api.checklyhq.com/v1/badges/checks/0ffc1e55-7ef0-4c2c-8acc-b6311871f41c?style=flat&theme=dark&responseTime=true)
148
-
149
- Visit [health.dotenv.org](https://health.dotenv.org) for more information.
150
-
151
- ## FAQ
112
+ ## FAQ
152
113
 
153
114
  #### What happens if `DOTENV_KEY` is not set?
154
115
 
@@ -178,6 +139,11 @@ No. It is the key that unlocks your encrypted environment variables. Be very car
178
139
 
179
140
  See [CHANGELOG.md](CHANGELOG.md)
180
141
 
142
+ ## Development
143
+
144
+ 1. Bump and tag version
145
+ 2. rake release
146
+
181
147
  ## License
182
148
 
183
149
  MIT
@@ -1,3 +1,3 @@
1
1
  module DotenvVault
2
- VERSION = "0.10.0"
2
+ VERSION = "0.10.1"
3
3
  end
data/lib/dotenv-vault.rb CHANGED
@@ -90,7 +90,7 @@ module DotenvVault
90
90
  #
91
91
  # Decrypts and loads to ENV
92
92
  def load_vault(*filenames)
93
- DotenvVault.logger.info("[dotenv-vault] Loading encrypted .env.vault to environment variables") if DotenvVault.logger
93
+ DotenvVault.logger.info("[dotenv-vault] Loading env from encrypted .env.vault") if DotenvVault.logger
94
94
 
95
95
  parsed = parse_vault(*filenames)
96
96
 
@@ -104,7 +104,7 @@ module DotenvVault
104
104
  #
105
105
  # Decrypts and overloads to ENV
106
106
  def overload_vault(*filenames)
107
- DotenvVault.logger.info("[dotenv-vault] Overloading encrypted .env.vault to environment variables") if DotenvVault.logger
107
+ DotenvVault.logger.info("[dotenv-vault] Overloading env from encrypted .env.vault") if DotenvVault.logger
108
108
 
109
109
  parsed = parse_vault(*filenames)
110
110
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dotenv-vault-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.10.0
4
+ version: 0.10.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - motdotla
8
- autorequire:
8
+ autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2022-11-18 00:00:00.000000000 Z
11
+ date: 2023-07-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dotenv-rails
@@ -30,14 +30,14 @@ dependencies:
30
30
  requirements:
31
31
  - - '='
32
32
  - !ruby/object:Gem::Version
33
- version: 0.10.0
33
+ version: 0.10.1
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - '='
39
39
  - !ruby/object:Gem::Version
40
- version: 0.10.0
40
+ version: 0.10.1
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: spring
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -99,7 +99,7 @@ metadata:
99
99
  homepage_uri: https://github.com/dotenv-org/dotenv-vault-ruby
100
100
  source_code_uri: https://github.com/dotenv-org/dotenv-vault-ruby
101
101
  changelog_uri: https://github.com/dotenv-org/dotenv-vault-ruby
102
- post_install_message:
102
+ post_install_message:
103
103
  rdoc_options: []
104
104
  require_paths:
105
105
  - lib
@@ -114,8 +114,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
114
114
  - !ruby/object:Gem::Version
115
115
  version: '0'
116
116
  requirements: []
117
- rubygems_version: 3.1.6
118
- signing_key:
117
+ rubygems_version: 3.3.26
118
+ signing_key:
119
119
  specification_version: 4
120
120
  summary: Decrypt .env.vault file.
121
121
  test_files: []