RubyGems - dotenv-vault - Versions diffs - 0.10.0 → 0.10.1 - Mend

dotenv-vault 0.10.0 → 0.10.1

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d50c70b0cdf146642c45402aced8a3a917835a08d705d12285365a52b9e42c28
-  data.tar.gz: 0cad8a7095928704247fd5c0cde071be993612805c67163bde7e0c79d57c450c
+  metadata.gz: ea4194bf32f46a6276553e4c87e37252c8511663b74797291efb6d03388b074d
+  data.tar.gz: ef162b574d7ca8b79ee9ea290791cca4f924088c34e298c7e5062497b2e87ade
 SHA512:
-  metadata.gz: 71b28ee0642d01ccfcb065c32265d9352a4696e8dc16822917066039efad4e42b3155d365dcfa3780d26cc295804f72c5419d6e47360d25d45ad190c7e08c9e2
-  data.tar.gz: ae75c04dbad3f6a66d6b2f77eadd10a31d54de2c6e4f75a4f8a5c779fa6b70644d5bccfeb9b104e065de5abff1eade9321acce525f485bb8d75a6dcf44f55d42
+  metadata.gz: 1942043c014772062b5b8ae38e07ae10506aacf0fc24c81589cf26f2a4b2c58bc41aa0e368e7aa004934aaad84afbec3904694c7f329c48687a448fe21862728
+  data.tar.gz: 6cf74d179440a7be3554bb40fd262045a339be9239bbd54866d70e8885f2e29cf666ee216b82a11430b011f71f62bfbab69624f3c34a0974f04b04f9a08d86d5

data/CHANGELOG.md CHANGED Viewed

@@ -2,7 +2,13 @@
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
-## [Unreleased](https://github.com/dotenv-org/dotenv-vault-ruby/compare/v0.9.0...master)
+## [Unreleased](https://github.com/dotenv-org/dotenv-vault-ruby/compare/v0.10.1...master)
+## 0.10.1
+### Changed
+- Modify the log message to `Loading env from encrypted .env.vault`.
 ## 0.10.0

data/Gemfile.lock CHANGED Viewed

@@ -1,68 +1,70 @@
 PATH
   remote: .
   specs:
-    dotenv-vault (0.10.0)
+    dotenv-vault (0.10.1)
       dotenv
       lockbox
-    dotenv-vault-rails (0.10.0)
+    dotenv-vault-rails (0.10.1)
       dotenv-rails
-      dotenv-vault (= 0.10.0)
+      dotenv-vault (= 0.10.1)
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (7.0.4)
-      actionview (= 7.0.4)
-      activesupport (= 7.0.4)
-      rack (~> 2.0, >= 2.2.0)
+    actionpack (7.0.6)
+      actionview (= 7.0.6)
+      activesupport (= 7.0.6)
+      rack (~> 2.0, >= 2.2.4)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (7.0.4)
-      activesupport (= 7.0.4)
+    actionview (7.0.6)
+      activesupport (= 7.0.6)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activesupport (7.0.4)
+    activesupport (7.0.6)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
     builder (3.2.4)
     byebug (11.1.3)
-    concurrent-ruby (1.1.10)
+    concurrent-ruby (1.2.2)
     crass (1.0.6)
     diff-lcs (1.5.0)
     dotenv (2.8.1)
     dotenv-rails (2.8.1)
       dotenv (= 2.8.1)
       railties (>= 3.2)
-    erubi (1.11.0)
-    i18n (1.12.0)
+    erubi (1.12.0)
+    i18n (1.14.1)
       concurrent-ruby (~> 1.0)
-    lockbox (1.1.0)
-    loofah (2.19.0)
+    lockbox (1.3.0)
+    loofah (2.21.3)
       crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
+      nokogiri (>= 1.12.0)
     method_source (1.0.0)
-    mini_portile2 (2.8.0)
-    minitest (5.16.3)
-    nokogiri (1.13.9)
-      mini_portile2 (~> 2.8.0)
+    mini_portile2 (2.8.4)
+    minitest (5.19.0)
+    nokogiri (1.15.3)
+      mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
-    racc (1.6.0)
-    rack (2.2.4)
-    rack-test (2.0.2)
+    racc (1.7.1)
+    rack (2.2.7)
+    rack-test (2.1.0)
       rack (>= 1.3)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
+    rails-dom-testing (2.1.1)
+      activesupport (>= 5.0.0)
+      minitest
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.3)
-      loofah (~> 2.3)
-    railties (7.0.4)
-      actionpack (= 7.0.4)
-      activesupport (= 7.0.4)
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
+    railties (7.0.6)
+      actionpack (= 7.0.6)
+      activesupport (= 7.0.6)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
@@ -82,10 +84,10 @@ GEM
       rspec-support (~> 3.11.0)
     rspec-support (3.11.0)
     spring (4.0.0)
-    thor (1.2.1)
-    tzinfo (2.0.5)
+    thor (1.2.2)
+    tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    zeitwerk (2.6.1)
+    zeitwerk (2.6.9)
 PLATFORMS
   ruby

data/README.md CHANGED Viewed

@@ -2,18 +2,25 @@
 <img src="https://raw.githubusercontent.com/motdotla/dotenv/master/dotenv.svg" alt="dotenv-vault" align="right" width="200" />
-Extends the proven & trusted foundation of [dotenv](https://github.com/bkeepers/dotenv), with a `.env.vault` file.
+Extends the proven & trusted foundation of [dotenv](https://github.com/bkeepers/dotenv), with `.env.vault` file support.
-The extended standard lets you sync your `.env` files – quickly & securely. Stop sharing them over insecure channels like Slack and email, and never lose an important `.env` file again.
+The extended standard lets you load encrypted secrets from your `.env.vault` file in production (and other) environments. Brought to you by the same people that pioneered [dotenv-nodejs](https://github.com/motdotla/dotenv).
-## Installation
+* [🌱 Install](#-install)
+* [🏗️ Usage (.env)](#%EF%B8%8F-usage)
+* [🚀 Deploying (.env.vault) 🆕](#-deploying)
+* [🌴 Multiple Environments](#-manage-multiple-environments)
+* [❓ FAQ](#-faq)
+* [⏱️ Changelog](./CHANGELOG.md)
+## 🌱 Install
 ### Rails
 Add this line to the top of your application's Gemfile:
 ```ruby
-gem 'dotenv-vault-rails'
+gem "dotenv-vault-rails", require: "dotenv-vault/rails-now"
 ```
 And then execute:
@@ -33,18 +40,16 @@ $ gem install dotenv-vault
 As early as possible in your application bootstrap process, load `.env`:
 ```ruby
-require 'dotenv-vault/load'
+require "dotenv-vault/load"
 # or
-require 'dotenv-vault'
+require "dotenv-vault"
 DotenvVault.load
 ```
-## Usage
-### `.env`
+## 🏗️ Usage
-Basic usage works just like [dotenv](https://github.com/bkeepers/dotenv).
+Development usage works just like [dotenv](https://github.com/bkeepers/dotenv).
 Add your application configuration to your `.env` file in the root of your project:
@@ -56,99 +61,55 @@ SECRET_KEY=YOURSECRETKEYGOESHERE
 When your application loads, these variables will be available in `ENV`:
 ```ruby
-config.fog_directory  = ENV['S3_BUCKET']
+config.fog_directory  = ENV["S3_BUCKET"]
 ```
-### `.env.vault`
+## 🚀 Deploying
-The `.env.vault` extends `.env`. It facilitates syncing your `.env` file across machines, team members, and environments.
+Encrypt your `.env.vault` file.
-Usage is similar to git. In the same directory as your `.env` file, run the command:
-```shell
-$ npx dotenv-vault new
+```bash
+$ npx dotenv-vault build
 ```
-Follow those instructions and then run:
+Fetch your production `DOTENV_KEY`.
-```shell
-$ npx dotenv-vault login
+```bash
+$ npx dotenv-vault keys production
 ```
-Then run push and pull:
+Set `DOTENV_KEY` on your server.
-```shell
-$ npx dotenv-vault push
-$ npx dotenv-vault pull
+```bash
+# heroku example
+heroku config:set DOTENV_KEY=dotenv://:key_1234…@dotenv.org/vault/.env.vault?environment=production
 ```
-That's it!
+That's it! On deploy, your `.env.vault` file will be decrypted and its secrets injected as environment variables – just in time.
-You just synced your `.env` file. Commit your `.env.vault` file to code, and tell your teammates to run `npx dotenv-vault pull`.
+*ℹ️ A note from [Mot](https://github.com/motdotla): Until recently, we did not have an opinion on how and where to store your secrets in production. We now strongly recommend generating a `.env.vault` file. It's the best way to prevent your secrets from being scattered across multiple servers and cloud providers – protecting you from breaches like the [CircleCI breach](https://techcrunch.com/2023/01/05/circleci-breach/). Also it unlocks interoperability WITHOUT native third-party integrations. Third-party integrations are [increasingly risky](https://coderpad.io/blog/development/heroku-github-breach/) to our industry. They may be the 'du jour' of today, but we imagine a better future.*
-[Learn more](https://www.dotenv.org/docs/tutorials/sync)
+<a href="https://github.com/dotenv-org/dotenv-vault#dotenv-vault-">Learn more at dotenv-vault: Deploying</a>
-## Multiple Environments
+## 🌴 Manage Multiple Environments
-Run the command:
+Edit your production environment variables.
-```shell
+```bash
 $ npx dotenv-vault open production
 ```
-It will open up an interface to manage your production environment variables.
+Regenerate your `.env.vault` file.
-[Learn more](https://www.dotenv.org/docs/tutorials/environments)
-## Integrate Anywhere™
-Build your encrypted `.env.vault`:
-```shell
+```bash
 $ npx dotenv-vault build
 ```
-Safely commit and push your changes:
+*ℹ️  🔐 Vault Managed vs 💻 Locally Managed: The above example, for brevity's sake, used the 🔐 Vault Managed solution to manage your `.env.vault` file. You can instead use the 💻 Locally Managed solution. [Read more here](https://github.com/dotenv-org/dotenv-vault#how-do-i-use--locally-managed-dotenv-vault). Our vision is that other platforms and orchestration tools adopt the `.env.vault` standard as they did the `.env` standard. We don't expect to be the only ones providing tooling to manage and generate `.env.vault` files.*
-```shell
-$ git commit -am "Updated .env.vault"
-$ git push
-```
+<a href="https://github.com/dotenv-org/dotenv-vault#-manage-multiple-environments">Learn more at dotenv-vault: Manage Multiple Environments</a>
-Obtain your `DOTENV_KEY`:
-```shell
-$ npx dotenv-vault keys
-```
-Set `DOTENV_KEY` on your infrastructure. For example, on Heroku:
-```shell
-$ heroku config:set DOTENV_KEY="dotenv://:key_1234@dotenv.org/vault/.env.vault?environment=production"
-```
-All set! When your app boots, it will recognize a `DOTENV_KEY` is set, decrypt the `.env.vault` file, and load the variables to `ENV`.
-Made a change to your production envs? Run `npx dotenv-vault build`, commit that safely to code, and deploy. It's simple and safe like that.
-[Learn more](https://www.dotenv.org/docs/tutorials/integrations)
-## Dotenv.org
-You need a [Dotenv Account](https://dotenv.org) to use Dotenv Vault. It is free to use with premium features.
-![](https://api.checklyhq.com/v1/badges/checks/c2fee99a-38e7-414e-89b8-9766ceeb1927?style=flat&theme=dark&responseTime=true)
-![](https://api.checklyhq.com/v1/badges/checks/4f557967-1ed1-486a-b762-39a63781d752?style=flat&theme=dark&responseTime=true)
-<br>
-![](https://api.checklyhq.com/v1/badges/checks/804eb6fa-6599-4688-a649-7ff3c39a64b9?style=flat&theme=dark&responseTime=true)
-![](https://api.checklyhq.com/v1/badges/checks/6a94504e-e936-4f07-bc0b-e08fee2734b3?style=flat&theme=dark&responseTime=true)
-<br>
-![](https://api.checklyhq.com/v1/badges/checks/06ac4f4e-3e0e-4501-9987-580b4d2a6b06?style=flat&theme=dark&responseTime=true)
-![](https://api.checklyhq.com/v1/badges/checks/0ffc1e55-7ef0-4c2c-8acc-b6311871f41c?style=flat&theme=dark&responseTime=true)
-Visit [health.dotenv.org](https://health.dotenv.org) for more information.
-## FAQ
+## ❓ FAQ
 #### What happens if `DOTENV_KEY` is not set?
@@ -178,6 +139,11 @@ No. It is the key that unlocks your encrypted environment variables. Be very car
 See [CHANGELOG.md](CHANGELOG.md)
+## Development
+1. Bump and tag version
+2. rake release
 ## License
 MIT

data/lib/dotenv-vault/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module DotenvVault
-  VERSION = "0.10.0"
+  VERSION = "0.10.1"
 end

data/lib/dotenv-vault.rb CHANGED Viewed

@@ -90,7 +90,7 @@ module DotenvVault
   #
   # Decrypts and loads to ENV
   def load_vault(*filenames)
-    DotenvVault.logger.info("[dotenv-vault] Loading encrypted .env.vault to environment variables") if DotenvVault.logger
+    DotenvVault.logger.info("[dotenv-vault] Loading env from encrypted .env.vault") if DotenvVault.logger
     parsed = parse_vault(*filenames)
@@ -104,7 +104,7 @@ module DotenvVault
   #
   # Decrypts and overloads to ENV
   def overload_vault(*filenames)
-    DotenvVault.logger.info("[dotenv-vault] Overloading encrypted .env.vault to environment variables") if DotenvVault.logger
+    DotenvVault.logger.info("[dotenv-vault] Overloading env from encrypted .env.vault") if DotenvVault.logger
     parsed = parse_vault(*filenames)

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dotenv-vault
 version: !ruby/object:Gem::Version
-  version: 0.10.0
+  version: 0.10.1
 platform: ruby
 authors:
 - motdotla
-autorequire:
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-11-18 00:00:00.000000000 Z
+date: 2023-07-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dotenv
@@ -113,7 +113,7 @@ metadata:
   homepage_uri: https://github.com/dotenv-org/dotenv-vault-ruby
   source_code_uri: https://github.com/dotenv-org/dotenv-vault-ruby
   changelog_uri: https://github.com/dotenv-org/dotenv-vault-ruby
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -128,8 +128,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
-signing_key:
+rubygems_version: 3.3.26
+signing_key:
 specification_version: 4
 summary: Decrypt .env.vault file.
 test_files: []