dotenv-vault-rails 0.6.0 → 0.7.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 40bf354479d33c010a5f1899482b90f9ee6094702c6c99ae730a115ac53227a8
-  data.tar.gz: 5afb9b56bfbceb85e78f1252420569316496f4f229b336d912ba854aa763f6fb
+  metadata.gz: e91991151b13e9afd810b5e8d8bdc14f8af6019e17f6ec103a37bc1bf8a2d4e3
+  data.tar.gz: 70d8a1939630149570a0873f02af6dff4c796bfc2ff5860693d305ada37fd480
 SHA512:
-  metadata.gz: 32fb077fb0c97c19522cff72e8d4721b90ab106d6d2606ad3cb684c4290d9f75c3b4b6fd73a839094dbb439518231ae37983254b20c2f8ebc155e07e4abf5fb9
-  data.tar.gz: a14615e72623fef08ffccc662dd86d2950e2b34b65f613032382b9e16bff1ee5592b81ec7be8e40f7602f0a89e3cebdff440373f1adb99ab9520f1296bb14787
+  metadata.gz: 0f6b4372e769083a970bca589926fc17831c2dbae97ddd49cd0bbce7442242fdea69fa06407dd6d219c1c9c2948b861499f29dade4a16517f529cb03ddf3d14c
+  data.tar.gz: 2ddcf5cdf739284fc528803f1747536383c742689b48d65d599461df2c89c9063e182821f2630fb9f5ad40ff09ff68eff32f284e66187d1f693d88c7b059d60b

data/CHANGELOG.md

@@ -0,0 +1,9 @@
+# Changelog
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+## [Unreleased](https://github.com/dotenv-org/dotenv-vault-ruby/compare/v0.7.0...master)
+
+## 0.7.0 and prior
+
+Please see commit history.

data/Gemfile.lock

@@ -1,12 +1,12 @@
 PATH
   remote: .
   specs:
-    dotenv-vault (0.6.0)
+    dotenv-vault (0.7.1)
       dotenv
       lockbox
-    dotenv-vault-rails (0.6.0)
+    dotenv-vault-rails (0.7.1)
       dotenv-rails
-      dotenv-vault (= 0.6.0)
+      dotenv-vault (= 0.7.1)
 
 GEM
   remote: https://rubygems.org/

data/README.md

@@ -1,3 +1,150 @@
-# dotenv-vault
+# dotenv-vault [![Gem Version](https://badge.fury.io/rb/dotenv-vault.svg)](https://badge.fury.io/rb/dotenv-vault)
 
-Coming soon
+<img src="https://raw.githubusercontent.com/motdotla/dotenv/master/dotenv.svg" alt="dotenv-vault" align="right" width="200" />
+
+Dotenv Vault extends the proven & trusted foundation of [dotenv](https://github.com/bkeepers/dotenv), with a `.env.vault` file.
+
+This new standard lets you sync your .env files – quickly & securely. Stop sharing them over insecure channels like Slack and email, and never lose an important .env file again.
+
+## Installation
+
+### Rails
+
+Add this line to the top of your application's Gemfile:
+
+```ruby
+gem 'dotenv-vault-rails'
+```
+
+And then execute:
+
+```shell
+$ bundle
+```
+
+## Usage
+
+### `.env`
+
+Basic usage begins just like [dotenv](https://github.com/bkeepers/dotenv).
+
+Add your application configuration to your `.env` file in the root of your project:
+
+```shell
+S3_BUCKET=YOURS3BUCKET
+SECRET_KEY=YOURSECRETKEYGOESHERE
+```
+
+Whenever your application loads, these variables will be available in `ENV`:
+
+```ruby
+config.fog_directory  = ENV['S3_BUCKET']
+```
+
+### `.env.vault`
+
+Usage is similar to git. In the same directory as your `.env` file, run the command:
+
+```shell
+npx dotenv-vault new
+```
+
+Follow those instructions and then run:
+
+```shell
+$ npx dotenv-vault login
+```
+
+Then run push and pull:
+
+```shell
+$ npx dotenv-vault push
+$ npx dotenv-vault pull
+```
+
+That's it!
+
+You just synced your `.env` file. Commit your `.env.vault` file to code, and tell your teammates to run `npx dotenv-vault pull`.
+
+## Multiple Environments
+
+Run the command:
+
+```shell
+$ npx dotenv-vault open production
+```
+
+It will open up an interface to manage your production environment variables.
+
+..or if you prefer to manage them in your text editor, run the command:
+
+```shell
+$ npx dotenv-vault pull production
+```
+
+Edit the `.env.production` file and push your changes:
+
+```shell
+$ npx dotenv-vault push production
+```
+
+Neato.
+
+## Deploy Anywhere
+
+Build your encrypted `.env.vault`. Run the command:
+
+```shell
+$ npx dotenv-vault build
+```
+
+Safely commit and push your changes:
+
+```shell
+$ git commit -am "Updated .env.vault"
+$ git push
+```
+
+Obtain your `DOTENV_KEY`:
+
+```shell
+$ npx dotenv-vault keys
+```
+
+Set `DOTENV_KEY` on your infrastructure. For example, on Heroku:
+
+```shell
+$ heroku config:set DOTENV_KEY="dotenv://:key_1234@dotenv.org/vault/.env.vault?environment=production"
+```
+
+All set! When your app boots, it will recognize a `DOTENV_KEY` is set, decrypt the `.env.vault` file, and load the variables to `ENV`.
+
+## FAQ
+
+### What happens if DOTENV_KEY is not set?
+
+Dotenv Vault gracefully falls back to [dotenv](https://github.com/bkeepers/dotenv) when `DOTENV_KEY` is not set. This is useful for development.
+
+### Should I commit my `.env` file?
+
+No. We **strongly** recommend against committing your `.env` file to version control. It should only include environment-specific values such as database passwords or API keys. Your production database should have a different password than your development database.
+
+### Should I commit my `.env.vault` file?
+
+Yes. It is safe and recommended to do so. It contains your vault identifier at the vault provider (in this case [dotenv.org](https://dotenv.org)) and contains your encrypted values.
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+
+## Changelog
+
+See [CHANGELOG.md](CHANGELOG.md)
+
+## License
+
+MIT

data/lib/dotenv-vault/version.rb

@@ -1,3 +1,3 @@
 module DotenvVault
-  VERSION = "0.6.0"
+  VERSION = "0.7.1"
 end

data/lib/dotenv-vault.rb

@@ -2,6 +2,7 @@ require "uri"
 require "dotenv"
 require "lockbox"
 require "dotenv-vault/version"
+require "logger"
 
 module DotenvVault
   class NotFoundDotenvKey < ArgumentError; end
@@ -14,6 +15,10 @@ module DotenvVault
 
   class << self
     attr_accessor :instrumenter
+
+    def logger
+      @logger ||= Logger.new(STDOUT)
+    end
   end
 
   module_function
@@ -85,6 +90,8 @@ module DotenvVault
   #
   # Decrypts and loads to ENV
   def load_vault(*filenames)
+    DotenvVault.logger.info("[dotenv-vault] Loading encrypted .env.vault to environment variables") if DotenvVault.logger
+
     parsed = parse_vault(*filenames)
     
     # Set ENV
@@ -97,6 +104,8 @@ module DotenvVault
   #
   # Decrypts and overloads to ENV
   def overload_vault(*filenames)
+    DotenvVault.logger.info("[dotenv-vault] Overloading encrypted .env.vault to environment variables") if DotenvVault.logger
+
     parsed = parse_vault(*filenames)
     
     # Set ENV

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dotenv-vault-rails
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.7.1
 platform: ruby
 authors:
 - motdotla
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-09-17 00:00:00.000000000 Z
+date: 2022-09-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dotenv-rails
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.6.0
+        version: 0.7.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.6.0
+        version: 0.7.1
 - !ruby/object:Gem::Dependency
   name: spring
   requirement: !ruby/object:Gem::Requirement
@@ -76,6 +76,7 @@ files:
 - ".gitignore"
 - ".rspec"
 - ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt