RubyGems - dotenv-vault - Versions diffs - 0.10.0 → 0.10.1 - Mend

dotenv-vault 0.10.0 → 0.10.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d50c70b0cdf146642c45402aced8a3a917835a08d705d12285365a52b9e42c28
-  data.tar.gz: 0cad8a7095928704247fd5c0cde071be993612805c67163bde7e0c79d57c450c
+  metadata.gz: ea4194bf32f46a6276553e4c87e37252c8511663b74797291efb6d03388b074d
+  data.tar.gz: ef162b574d7ca8b79ee9ea290791cca4f924088c34e298c7e5062497b2e87ade
 SHA512:
-  metadata.gz: 71b28ee0642d01ccfcb065c32265d9352a4696e8dc16822917066039efad4e42b3155d365dcfa3780d26cc295804f72c5419d6e47360d25d45ad190c7e08c9e2
-  data.tar.gz: ae75c04dbad3f6a66d6b2f77eadd10a31d54de2c6e4f75a4f8a5c779fa6b70644d5bccfeb9b104e065de5abff1eade9321acce525f485bb8d75a6dcf44f55d42
+  metadata.gz: 1942043c014772062b5b8ae38e07ae10506aacf0fc24c81589cf26f2a4b2c58bc41aa0e368e7aa004934aaad84afbec3904694c7f329c48687a448fe21862728
+  data.tar.gz: 6cf74d179440a7be3554bb40fd262045a339be9239bbd54866d70e8885f2e29cf666ee216b82a11430b011f71f62bfbab69624f3c34a0974f04b04f9a08d86d5

data/CHANGELOG.md CHANGED Viewed

@@ -2,7 +2,13 @@
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
-## [Unreleased](https://github.com/dotenv-org/dotenv-vault-ruby/compare/v0.9.0...master)
+## [Unreleased](https://github.com/dotenv-org/dotenv-vault-ruby/compare/v0.10.1...master)
+## 0.10.1
+### Changed
+- Modify the log message to `Loading env from encrypted .env.vault`.
 ## 0.10.0

data/Gemfile.lock CHANGED Viewed

@@ -1,68 +1,70 @@
 PATH
   remote: .
   specs:
-    dotenv-vault (0.10.0)
+    dotenv-vault (0.10.1)
       dotenv
       lockbox
-    dotenv-vault-rails (0.10.0)
+    dotenv-vault-rails (0.10.1)
       dotenv-rails
-      dotenv-vault (= 0.10.0)
+      dotenv-vault (= 0.10.1)
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (7.0.4)
-      actionview (= 7.0.4)
-      activesupport (= 7.0.4)
-      rack (~> 2.0, >= 2.2.0)
+    actionpack (7.0.6)
+      actionview (= 7.0.6)
+      activesupport (= 7.0.6)
+      rack (~> 2.0, >= 2.2.4)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (7.0.4)
-      activesupport (= 7.0.4)
+    actionview (7.0.6)
+      activesupport (= 7.0.6)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activesupport (7.0.4)
+    activesupport (7.0.6)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
     builder (3.2.4)
     byebug (11.1.3)
-    concurrent-ruby (1.1.10)
+    concurrent-ruby (1.2.2)
     crass (1.0.6)
     diff-lcs (1.5.0)
     dotenv (2.8.1)
     dotenv-rails (2.8.1)
       dotenv (= 2.8.1)
       railties (>= 3.2)
-    erubi (1.11.0)
-    i18n (1.12.0)
+    erubi (1.12.0)
+    i18n (1.14.1)
       concurrent-ruby (~> 1.0)
-    lockbox (1.1.0)
-    loofah (2.19.0)
+    lockbox (1.3.0)
+    loofah (2.21.3)
       crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
+      nokogiri (>= 1.12.0)
     method_source (1.0.0)
-    mini_portile2 (2.8.0)
-    minitest (5.16.3)
-    nokogiri (1.13.9)
-      mini_portile2 (~> 2.8.0)
+    mini_portile2 (2.8.4)
+    minitest (5.19.0)
+    nokogiri (1.15.3)
+      mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
-    racc (1.6.0)
-    rack (2.2.4)
-    rack-test (2.0.2)
+    racc (1.7.1)
+    rack (2.2.7)
+    rack-test (2.1.0)
       rack (>= 1.3)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
+    rails-dom-testing (2.1.1)
+      activesupport (>= 5.0.0)
+      minitest
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.3)
-      loofah (~> 2.3)
-    railties (7.0.4)
-      actionpack (= 7.0.4)
-      activesupport (= 7.0.4)
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
+    railties (7.0.6)
+      actionpack (= 7.0.6)
+      activesupport (= 7.0.6)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
@@ -82,10 +84,10 @@ GEM
       rspec-support (~> 3.11.0)
     rspec-support (3.11.0)
     spring (4.0.0)
-    thor (1.2.1)
-    tzinfo (2.0.5)
+    thor (1.2.2)
+    tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    zeitwerk (2.6.1)
+    zeitwerk (2.6.9)
 PLATFORMS
   ruby

data/README.md CHANGED Viewed

@@ -2,18 +2,25 @@
 <img src="https://raw.githubusercontent.com/motdotla/dotenv/master/dotenv.svg" alt="dotenv-vault" align="right" width="200" />
-Extends the proven & trusted foundation of [dotenv](https://github.com/bkeepers/dotenv), with a `.env.vault` file.
+Extends the proven & trusted foundation of [dotenv](https://github.com/bkeepers/dotenv), with `.env.vault` file support.
-The extended standard lets you sync your `.env` files – quickly & securely. Stop sharing them over insecure channels like Slack and email, and never lose an important `.env` file again.
+The extended standard lets you load encrypted secrets from your `.env.vault` file in production (and other) environments. Brought to you by the same people that pioneered [dotenv-nodejs](https://github.com/motdotla/dotenv).
-## Installation
+* [🌱 Install](#-install)
+* [🏗️ Usage (.env)](#%EF%B8%8F-usage)
+* [🚀 Deploying (.env.vault) 🆕](#-deploying)
+* [🌴 Multiple Environments](#-manage-multiple-environments)
+* [❓ FAQ](#-faq)
+* [⏱️ Changelog](./CHANGELOG.md)
+## 🌱 Install
 ### Rails
 Add this line to the top of your application's Gemfile:
 ```ruby
-gem 'dotenv-vault-rails'
+gem "dotenv-vault-rails", require: "dotenv-vault/rails-now"
 ```
 And then execute:
@@ -33,18 +40,16 @@ $ gem install dotenv-vault
 As early as possible in your application bootstrap process, load `.env`:
 ```ruby
-require 'dotenv-vault/load'
+require "dotenv-vault/load"
 # or
-require 'dotenv-vault'
+require "dotenv-vault"
 DotenvVault.load
 ```
-## Usage
-### `.env`
+## 🏗️ Usage
-Basic usage works just like [dotenv](https://github.com/bkeepers/dotenv).
+Development usage works just like [dotenv](https://github.com/bkeepers/dotenv).
 Add your application configuration to your `.env` file in the root of your project:
@@ -56,99 +61,55 @@ SECRET_KEY=YOURSECRETKEYGOESHERE
 When your application loads, these variables will be available in `ENV`:
 ```ruby
-config.fog_directory  = ENV['S3_BUCKET']
+config.fog_directory  = ENV["S3_BUCKET"]
 ```
-### `.env.vault`
+## 🚀 Deploying
-The `.env.vault` extends `.env`. It facilitates syncing your `.env` file across machines, team members, and environments.
+Encrypt your `.env.vault` file.
-Usage is similar to git. In the same directory as your `.env` file, run the command:
-```shell
-$ npx dotenv-vault new
+```bash
+$ npx dotenv-vault build
 ```
-Follow those instructions and then run:
+Fetch your production `DOTENV_KEY`.
-```shell
-$ npx dotenv-vault login
+```bash
+$ npx dotenv-vault keys production
 ```
-Then run push and pull:
+Set `DOTENV_KEY` on your server.
-```shell
-$ npx dotenv-vault push
-$ npx dotenv-vault pull
+```bash
+# heroku example
+heroku config:set DOTENV_KEY=dotenv://:key_1234…@dotenv.org/vault/.env.vault?environment=production
 ```
-That's it!
+That's it! On deploy, your `.env.vault` file will be decrypted and its secrets injected as environment variables – just in time.
-You just synced your `.env` file. Commit your `.env.vault` file to code, and tell your teammates to run `npx dotenv-vault pull`.
+*ℹ️ A note from [Mot](https://github.com/motdotla): Until recently, we did not have an opinion on how and where to store your secrets in production. We now strongly recommend generating a `.env.vault` file. It's the best way to prevent your secrets from being scattered across multiple servers and cloud providers – protecting you from breaches like the [CircleCI breach](https://techcrunch.com/2023/01/05/circleci-breach/). Also it unlocks interoperability WITHOUT native third-party integrations. Third-party integrations are [increasingly risky](https://coderpad.io/blog/development/heroku-github-breach/) to our industry. They may be the 'du jour' of today, but we imagine a better future.*
-[Learn more](https://www.dotenv.org/docs/tutorials/sync)
+<a href="https://github.com/dotenv-org/dotenv-vault#dotenv-vault-">Learn more at dotenv-vault: Deploying</a>
-## Multiple Environments
+## 🌴 Manage Multiple Environments
-Run the command:
+Edit your production environment variables.
-```shell
+```bash
 $ npx dotenv-vault open production
 ```
-It will open up an interface to manage your production environment variables.
+Regenerate your `.env.vault` file.
-[Learn more](https://www.dotenv.org/docs/tutorials/environments)
-## Integrate Anywhere™
-Build your encrypted `.env.vault`:
-```shell
+```bash
 $ npx dotenv-vault build
 ```
-Safely commit and push your changes:
+*ℹ️  🔐 Vault Managed vs 💻 Locally Managed: The above example, for brevity's sake, used the 🔐 Vault Managed solution to manage your `.env.vault` file. You can instead use the 💻 Locally Managed solution. [Read more here](https://github.com/dotenv-org/dotenv-vault#how-do-i-use--locally-managed-dotenv-vault). Our vision is that other platforms and orchestration tools adopt the `.env.vault` standard as they did the `.env` standard. We don't expect to be the only ones providing tooling to manage and generate `.env.vault` files.*
-```shell
-$ git commit -am "Updated .env.vault"
-$ git push
-```
+<a href="https://github.com/dotenv-org/dotenv-vault#-manage-multiple-environments">Learn more at dotenv-vault: Manage Multiple Environments</a>
-Obtain your `DOTENV_KEY`:
-```shell
-$ npx dotenv-vault keys
-```
-Set `DOTENV_KEY` on your infrastructure. For example, on Heroku:
-```shell
-$ heroku config:set DOTENV_KEY="dotenv://:key_1234@dotenv.org/vault/.env.vault?environment=production"
-```
-All set! When your app boots, it will recognize a `DOTENV_KEY` is set, decrypt the `.env.vault` file, and load the variables to `ENV`.
-Made a change to your production envs? Run `npx dotenv-vault build`, commit that safely to code, and deploy. It's simple and safe like that.
-[Learn more](https://www.dotenv.org/docs/tutorials/integrations)
-## Dotenv.org
-You need a [Dotenv Account](https://dotenv.org) to use Dotenv Vault. It is free to use with premium features.
-![](https://api.checklyhq.com/v1/badges/checks/c2fee99a-38e7-414e-89b8-9766ceeb1927?style=flat&theme=dark&responseTime=true)
-![](https://api.checklyhq.com/v1/badges/checks/4f557967-1ed1-486a-b762-39a63781d752?style=flat&theme=dark&responseTime=true)
-<br>
-![](https://api.checklyhq.com/v1/badges/checks/804eb6fa-6599-4688-a649-7ff3c39a64b9?style=flat&theme=dark&responseTime=true)
-![](https://api.checklyhq.com/v1/badges/checks/6a94504e-e936-4f07-bc0b-e08fee2734b3?style=flat&theme=dark&responseTime=true)
-<br>
-![](https://api.checklyhq.com/v1/badges/checks/06ac4f4e-3e0e-4501-9987-580b4d2a6b06?style=flat&theme=dark&responseTime=true)
-![](https://api.checklyhq.com/v1/badges/checks/0ffc1e55-7ef0-4c2c-8acc-b6311871f41c?style=flat&theme=dark&responseTime=true)
-Visit [health.dotenv.org](https://health.dotenv.org) for more information.
-## FAQ
+## ❓ FAQ
 #### What happens if `DOTENV_KEY` is not set?
@@ -178,6 +139,11 @@ No. It is the key that unlocks your encrypted environment variables. Be very car
 See [CHANGELOG.md](CHANGELOG.md)
+## Development
+1. Bump and tag version
+2. rake release
 ## License
 MIT

data/lib/dotenv-vault/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module DotenvVault
-  VERSION = "0.10.0"
+  VERSION = "0.10.1"
 end

data/lib/dotenv-vault.rb CHANGED Viewed

@@ -90,7 +90,7 @@ module DotenvVault
   #
   # Decrypts and loads to ENV
   def load_vault(*filenames)
-    DotenvVault.logger.info("[dotenv-vault] Loading encrypted .env.vault to environment variables") if DotenvVault.logger
+    DotenvVault.logger.info("[dotenv-vault] Loading env from encrypted .env.vault") if DotenvVault.logger
     parsed = parse_vault(*filenames)
@@ -104,7 +104,7 @@ module DotenvVault
   #
   # Decrypts and overloads to ENV
   def overload_vault(*filenames)
-    DotenvVault.logger.info("[dotenv-vault] Overloading encrypted .env.vault to environment variables") if DotenvVault.logger
+    DotenvVault.logger.info("[dotenv-vault] Overloading env from encrypted .env.vault") if DotenvVault.logger
     parsed = parse_vault(*filenames)

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dotenv-vault
 version: !ruby/object:Gem::Version
-  version: 0.10.0
+  version: 0.10.1
 platform: ruby
 authors:
 - motdotla
-autorequire:
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-11-18 00:00:00.000000000 Z
+date: 2023-07-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dotenv
@@ -113,7 +113,7 @@ metadata:
   homepage_uri: https://github.com/dotenv-org/dotenv-vault-ruby
   source_code_uri: https://github.com/dotenv-org/dotenv-vault-ruby
   changelog_uri: https://github.com/dotenv-org/dotenv-vault-ruby
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -128,8 +128,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
-signing_key:
+rubygems_version: 3.3.26
+signing_key:
 specification_version: 4
 summary: Decrypt .env.vault file.
 test_files: []