dotenv-vault 0.9.0 → 0.10.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -1
- data/Gemfile.lock +35 -33
- data/README.md +43 -77
- data/dotenv-vault-rails.gemspec +2 -2
- data/dotenv-vault.gemspec +2 -2
- data/lib/dotenv-vault/version.rb +1 -1
- data/lib/dotenv-vault.rb +57 -23
- metadata +8 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ea4194bf32f46a6276553e4c87e37252c8511663b74797291efb6d03388b074d
|
4
|
+
data.tar.gz: ef162b574d7ca8b79ee9ea290791cca4f924088c34e298c7e5062497b2e87ade
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1942043c014772062b5b8ae38e07ae10506aacf0fc24c81589cf26f2a4b2c58bc41aa0e368e7aa004934aaad84afbec3904694c7f329c48687a448fe21862728
|
7
|
+
data.tar.gz: 6cf74d179440a7be3554bb40fd262045a339be9239bbd54866d70e8885f2e29cf666ee216b82a11430b011f71f62bfbab69624f3c34a0974f04b04f9a08d86d5
|
data/CHANGELOG.md
CHANGED
@@ -2,7 +2,19 @@
|
|
2
2
|
|
3
3
|
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
|
4
4
|
|
5
|
-
## [Unreleased](https://github.com/dotenv-org/dotenv-vault-ruby/compare/v0.
|
5
|
+
## [Unreleased](https://github.com/dotenv-org/dotenv-vault-ruby/compare/v0.10.1...master)
|
6
|
+
|
7
|
+
## 0.10.1
|
8
|
+
|
9
|
+
### Changed
|
10
|
+
|
11
|
+
- Modify the log message to `Loading env from encrypted .env.vault`.
|
12
|
+
|
13
|
+
## 0.10.0
|
14
|
+
|
15
|
+
### Added
|
16
|
+
|
17
|
+
- Support key rotation. Added comma separated capability to `DOTENV_KEY`. Add multiple keys to your DOTENV_KEY for use with decryption. Separate with a comma. [#2](https://github.com/dotenv-org/dotenv-vault-ruby/pull/2)
|
6
18
|
|
7
19
|
## 0.9.0
|
8
20
|
|
data/Gemfile.lock
CHANGED
@@ -1,68 +1,70 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
dotenv-vault (0.
|
4
|
+
dotenv-vault (0.10.1)
|
5
5
|
dotenv
|
6
6
|
lockbox
|
7
|
-
dotenv-vault-rails (0.
|
7
|
+
dotenv-vault-rails (0.10.1)
|
8
8
|
dotenv-rails
|
9
|
-
dotenv-vault (= 0.
|
9
|
+
dotenv-vault (= 0.10.1)
|
10
10
|
|
11
11
|
GEM
|
12
12
|
remote: https://rubygems.org/
|
13
13
|
specs:
|
14
|
-
actionpack (7.0.
|
15
|
-
actionview (= 7.0.
|
16
|
-
activesupport (= 7.0.
|
17
|
-
rack (~> 2.0, >= 2.2.
|
14
|
+
actionpack (7.0.6)
|
15
|
+
actionview (= 7.0.6)
|
16
|
+
activesupport (= 7.0.6)
|
17
|
+
rack (~> 2.0, >= 2.2.4)
|
18
18
|
rack-test (>= 0.6.3)
|
19
19
|
rails-dom-testing (~> 2.0)
|
20
20
|
rails-html-sanitizer (~> 1.0, >= 1.2.0)
|
21
|
-
actionview (7.0.
|
22
|
-
activesupport (= 7.0.
|
21
|
+
actionview (7.0.6)
|
22
|
+
activesupport (= 7.0.6)
|
23
23
|
builder (~> 3.1)
|
24
24
|
erubi (~> 1.4)
|
25
25
|
rails-dom-testing (~> 2.0)
|
26
26
|
rails-html-sanitizer (~> 1.1, >= 1.2.0)
|
27
|
-
activesupport (7.0.
|
27
|
+
activesupport (7.0.6)
|
28
28
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
29
29
|
i18n (>= 1.6, < 2)
|
30
30
|
minitest (>= 5.1)
|
31
31
|
tzinfo (~> 2.0)
|
32
32
|
builder (3.2.4)
|
33
33
|
byebug (11.1.3)
|
34
|
-
concurrent-ruby (1.
|
34
|
+
concurrent-ruby (1.2.2)
|
35
35
|
crass (1.0.6)
|
36
36
|
diff-lcs (1.5.0)
|
37
37
|
dotenv (2.8.1)
|
38
38
|
dotenv-rails (2.8.1)
|
39
39
|
dotenv (= 2.8.1)
|
40
40
|
railties (>= 3.2)
|
41
|
-
erubi (1.
|
42
|
-
i18n (1.
|
41
|
+
erubi (1.12.0)
|
42
|
+
i18n (1.14.1)
|
43
43
|
concurrent-ruby (~> 1.0)
|
44
|
-
lockbox (1.
|
45
|
-
loofah (2.
|
44
|
+
lockbox (1.3.0)
|
45
|
+
loofah (2.21.3)
|
46
46
|
crass (~> 1.0.2)
|
47
|
-
nokogiri (>= 1.
|
47
|
+
nokogiri (>= 1.12.0)
|
48
48
|
method_source (1.0.0)
|
49
|
-
mini_portile2 (2.8.
|
50
|
-
minitest (5.
|
51
|
-
nokogiri (1.
|
52
|
-
mini_portile2 (~> 2.8.
|
49
|
+
mini_portile2 (2.8.4)
|
50
|
+
minitest (5.19.0)
|
51
|
+
nokogiri (1.15.3)
|
52
|
+
mini_portile2 (~> 2.8.2)
|
53
53
|
racc (~> 1.4)
|
54
|
-
racc (1.
|
55
|
-
rack (2.2.
|
56
|
-
rack-test (2.0
|
54
|
+
racc (1.7.1)
|
55
|
+
rack (2.2.7)
|
56
|
+
rack-test (2.1.0)
|
57
57
|
rack (>= 1.3)
|
58
|
-
rails-dom-testing (2.
|
59
|
-
activesupport (>=
|
58
|
+
rails-dom-testing (2.1.1)
|
59
|
+
activesupport (>= 5.0.0)
|
60
|
+
minitest
|
60
61
|
nokogiri (>= 1.6)
|
61
|
-
rails-html-sanitizer (1.
|
62
|
-
loofah (~> 2.
|
63
|
-
|
64
|
-
|
65
|
-
|
62
|
+
rails-html-sanitizer (1.6.0)
|
63
|
+
loofah (~> 2.21)
|
64
|
+
nokogiri (~> 1.14)
|
65
|
+
railties (7.0.6)
|
66
|
+
actionpack (= 7.0.6)
|
67
|
+
activesupport (= 7.0.6)
|
66
68
|
method_source
|
67
69
|
rake (>= 12.2)
|
68
70
|
thor (~> 1.0)
|
@@ -82,10 +84,10 @@ GEM
|
|
82
84
|
rspec-support (~> 3.11.0)
|
83
85
|
rspec-support (3.11.0)
|
84
86
|
spring (4.0.0)
|
85
|
-
thor (1.2.
|
86
|
-
tzinfo (2.0.
|
87
|
+
thor (1.2.2)
|
88
|
+
tzinfo (2.0.6)
|
87
89
|
concurrent-ruby (~> 1.0)
|
88
|
-
zeitwerk (2.6.
|
90
|
+
zeitwerk (2.6.9)
|
89
91
|
|
90
92
|
PLATFORMS
|
91
93
|
ruby
|
data/README.md
CHANGED
@@ -2,22 +2,25 @@
|
|
2
2
|
|
3
3
|
<img src="https://raw.githubusercontent.com/motdotla/dotenv/master/dotenv.svg" alt="dotenv-vault" align="right" width="200" />
|
4
4
|
|
5
|
-
|
5
|
+
Extends the proven & trusted foundation of [dotenv](https://github.com/bkeepers/dotenv), with `.env.vault` file support.
|
6
6
|
|
7
|
-
The extended standard lets you
|
7
|
+
The extended standard lets you load encrypted secrets from your `.env.vault` file in production (and other) environments. Brought to you by the same people that pioneered [dotenv-nodejs](https://github.com/motdotla/dotenv).
|
8
8
|
|
9
|
-
|
9
|
+
* [🌱 Install](#-install)
|
10
|
+
* [🏗️ Usage (.env)](#%EF%B8%8F-usage)
|
11
|
+
* [🚀 Deploying (.env.vault) 🆕](#-deploying)
|
12
|
+
* [🌴 Multiple Environments](#-manage-multiple-environments)
|
13
|
+
* [❓ FAQ](#-faq)
|
14
|
+
* [⏱️ Changelog](./CHANGELOG.md)
|
10
15
|
|
11
|
-
|
12
|
-
|
13
|
-
## Installation
|
16
|
+
## 🌱 Install
|
14
17
|
|
15
18
|
### Rails
|
16
19
|
|
17
20
|
Add this line to the top of your application's Gemfile:
|
18
21
|
|
19
22
|
```ruby
|
20
|
-
gem
|
23
|
+
gem "dotenv-vault-rails", require: "dotenv-vault/rails-now"
|
21
24
|
```
|
22
25
|
|
23
26
|
And then execute:
|
@@ -37,18 +40,16 @@ $ gem install dotenv-vault
|
|
37
40
|
As early as possible in your application bootstrap process, load `.env`:
|
38
41
|
|
39
42
|
```ruby
|
40
|
-
require
|
43
|
+
require "dotenv-vault/load"
|
41
44
|
|
42
45
|
# or
|
43
|
-
require
|
46
|
+
require "dotenv-vault"
|
44
47
|
DotenvVault.load
|
45
48
|
```
|
46
49
|
|
47
|
-
## Usage
|
48
|
-
|
49
|
-
### `.env`
|
50
|
+
## 🏗️ Usage
|
50
51
|
|
51
|
-
|
52
|
+
Development usage works just like [dotenv](https://github.com/bkeepers/dotenv).
|
52
53
|
|
53
54
|
Add your application configuration to your `.env` file in the root of your project:
|
54
55
|
|
@@ -60,95 +61,55 @@ SECRET_KEY=YOURSECRETKEYGOESHERE
|
|
60
61
|
When your application loads, these variables will be available in `ENV`:
|
61
62
|
|
62
63
|
```ruby
|
63
|
-
config.fog_directory = ENV[
|
64
|
+
config.fog_directory = ENV["S3_BUCKET"]
|
64
65
|
```
|
65
66
|
|
66
|
-
|
67
|
+
## 🚀 Deploying
|
67
68
|
|
68
|
-
|
69
|
+
Encrypt your `.env.vault` file.
|
69
70
|
|
70
|
-
|
71
|
-
|
72
|
-
```shell
|
73
|
-
npx dotenv-vault new
|
71
|
+
```bash
|
72
|
+
$ npx dotenv-vault build
|
74
73
|
```
|
75
74
|
|
76
|
-
|
75
|
+
Fetch your production `DOTENV_KEY`.
|
77
76
|
|
78
|
-
```
|
79
|
-
$ npx dotenv-vault
|
77
|
+
```bash
|
78
|
+
$ npx dotenv-vault keys production
|
80
79
|
```
|
81
80
|
|
82
|
-
|
81
|
+
Set `DOTENV_KEY` on your server.
|
83
82
|
|
84
|
-
```
|
85
|
-
|
86
|
-
|
83
|
+
```bash
|
84
|
+
# heroku example
|
85
|
+
heroku config:set DOTENV_KEY=dotenv://:key_1234…@dotenv.org/vault/.env.vault?environment=production
|
87
86
|
```
|
88
87
|
|
89
|
-
That's it!
|
88
|
+
That's it! On deploy, your `.env.vault` file will be decrypted and its secrets injected as environment variables – just in time.
|
90
89
|
|
91
|
-
|
90
|
+
*ℹ️ A note from [Mot](https://github.com/motdotla): Until recently, we did not have an opinion on how and where to store your secrets in production. We now strongly recommend generating a `.env.vault` file. It's the best way to prevent your secrets from being scattered across multiple servers and cloud providers – protecting you from breaches like the [CircleCI breach](https://techcrunch.com/2023/01/05/circleci-breach/). Also it unlocks interoperability WITHOUT native third-party integrations. Third-party integrations are [increasingly risky](https://coderpad.io/blog/development/heroku-github-breach/) to our industry. They may be the 'du jour' of today, but we imagine a better future.*
|
92
91
|
|
93
|
-
|
92
|
+
<a href="https://github.com/dotenv-org/dotenv-vault#dotenv-vault-">Learn more at dotenv-vault: Deploying</a>
|
94
93
|
|
95
|
-
|
94
|
+
## 🌴 Manage Multiple Environments
|
96
95
|
|
97
|
-
|
96
|
+
Edit your production environment variables.
|
97
|
+
|
98
|
+
```bash
|
98
99
|
$ npx dotenv-vault open production
|
99
100
|
```
|
100
101
|
|
101
|
-
|
102
|
-
|
103
|
-
## Build & Deploy Anywhere
|
102
|
+
Regenerate your `.env.vault` file.
|
104
103
|
|
105
|
-
|
106
|
-
|
107
|
-
```shell
|
104
|
+
```bash
|
108
105
|
$ npx dotenv-vault build
|
109
106
|
```
|
110
107
|
|
111
|
-
|
108
|
+
*ℹ️ 🔐 Vault Managed vs 💻 Locally Managed: The above example, for brevity's sake, used the 🔐 Vault Managed solution to manage your `.env.vault` file. You can instead use the 💻 Locally Managed solution. [Read more here](https://github.com/dotenv-org/dotenv-vault#how-do-i-use--locally-managed-dotenv-vault). Our vision is that other platforms and orchestration tools adopt the `.env.vault` standard as they did the `.env` standard. We don't expect to be the only ones providing tooling to manage and generate `.env.vault` files.*
|
112
109
|
|
113
|
-
|
114
|
-
$ git commit -am "Updated .env.vault"
|
115
|
-
$ git push
|
116
|
-
```
|
110
|
+
<a href="https://github.com/dotenv-org/dotenv-vault#-manage-multiple-environments">Learn more at dotenv-vault: Manage Multiple Environments</a>
|
117
111
|
|
118
|
-
|
119
|
-
|
120
|
-
```shell
|
121
|
-
$ npx dotenv-vault keys
|
122
|
-
```
|
123
|
-
|
124
|
-
Set `DOTENV_KEY` on your infrastructure. For example, on Heroku:
|
125
|
-
|
126
|
-
```shell
|
127
|
-
$ heroku config:set DOTENV_KEY="dotenv://:key_1234@dotenv.org/vault/.env.vault?environment=production"
|
128
|
-
```
|
129
|
-
|
130
|
-
All set! When your app boots, it will recognize a `DOTENV_KEY` is set, decrypt the `.env.vault` file, and load the variables to `ENV`.
|
131
|
-
|
132
|
-
Made a change to your production envs? Run `npx dotenv-vault build`, commit that safely to code, and deploy. It's simple and safe like that.
|
133
|
-
|
134
|
-
## Dotenv.org
|
135
|
-
|
136
|
-
**[Create your account](https://dotenv.org/signup)**
|
137
|
-
|
138
|
-
You need a [Dotenv Account](https://dotenv.org) to use Dotenv Vault. It is free to use with premium features.
|
139
|
-
|
140
|
-
![](https://api.checklyhq.com/v1/badges/checks/c2fee99a-38e7-414e-89b8-9766ceeb1927?style=flat&theme=dark&responseTime=true)
|
141
|
-
![](https://api.checklyhq.com/v1/badges/checks/4f557967-1ed1-486a-b762-39a63781d752?style=flat&theme=dark&responseTime=true)
|
142
|
-
<br>
|
143
|
-
![](https://api.checklyhq.com/v1/badges/checks/804eb6fa-6599-4688-a649-7ff3c39a64b9?style=flat&theme=dark&responseTime=true)
|
144
|
-
![](https://api.checklyhq.com/v1/badges/checks/6a94504e-e936-4f07-bc0b-e08fee2734b3?style=flat&theme=dark&responseTime=true)
|
145
|
-
<br>
|
146
|
-
![](https://api.checklyhq.com/v1/badges/checks/06ac4f4e-3e0e-4501-9987-580b4d2a6b06?style=flat&theme=dark&responseTime=true)
|
147
|
-
![](https://api.checklyhq.com/v1/badges/checks/0ffc1e55-7ef0-4c2c-8acc-b6311871f41c?style=flat&theme=dark&responseTime=true)
|
148
|
-
|
149
|
-
Visit [health.dotenv.org](https://health.dotenv.org) for more information.
|
150
|
-
|
151
|
-
## FAQ
|
112
|
+
## ❓ FAQ
|
152
113
|
|
153
114
|
#### What happens if `DOTENV_KEY` is not set?
|
154
115
|
|
@@ -178,6 +139,11 @@ No. It is the key that unlocks your encrypted environment variables. Be very car
|
|
178
139
|
|
179
140
|
See [CHANGELOG.md](CHANGELOG.md)
|
180
141
|
|
142
|
+
## Development
|
143
|
+
|
144
|
+
1. Bump and tag version
|
145
|
+
2. rake release
|
146
|
+
|
181
147
|
## License
|
182
148
|
|
183
149
|
MIT
|
data/dotenv-vault-rails.gemspec
CHANGED
@@ -6,8 +6,8 @@ Gem::Specification.new "dotenv-vault-rails" do |spec|
|
|
6
6
|
spec.authors = ["motdotla"]
|
7
7
|
spec.email = ["mot@mot.la"]
|
8
8
|
|
9
|
-
spec.summary = %q{
|
10
|
-
spec.description = %q{
|
9
|
+
spec.summary = %q{Decrypt .env.vault file.}
|
10
|
+
spec.description = %q{Decrypt .env.vault file.}
|
11
11
|
spec.homepage = "https://github.com/dotenv-org/dotenv-vault-ruby"
|
12
12
|
spec.license = "MIT"
|
13
13
|
spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
|
data/dotenv-vault.gemspec
CHANGED
@@ -6,8 +6,8 @@ Gem::Specification.new "dotenv-vault" do |spec|
|
|
6
6
|
spec.authors = ["motdotla"]
|
7
7
|
spec.email = ["mot@mot.la"]
|
8
8
|
|
9
|
-
spec.summary = %q{
|
10
|
-
spec.description = %q{
|
9
|
+
spec.summary = %q{Decrypt .env.vault file.}
|
10
|
+
spec.description = %q{Decrypt .env.vault file.}
|
11
11
|
spec.homepage = "https://github.com/dotenv-org/dotenv-vault-ruby"
|
12
12
|
spec.license = "MIT"
|
13
13
|
spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
|
data/lib/dotenv-vault/version.rb
CHANGED
data/lib/dotenv-vault.rb
CHANGED
@@ -90,7 +90,7 @@ module DotenvVault
|
|
90
90
|
#
|
91
91
|
# Decrypts and loads to ENV
|
92
92
|
def load_vault(*filenames)
|
93
|
-
DotenvVault.logger.info("[dotenv-vault] Loading encrypted .env.vault
|
93
|
+
DotenvVault.logger.info("[dotenv-vault] Loading env from encrypted .env.vault") if DotenvVault.logger
|
94
94
|
|
95
95
|
parsed = parse_vault(*filenames)
|
96
96
|
|
@@ -104,7 +104,7 @@ module DotenvVault
|
|
104
104
|
#
|
105
105
|
# Decrypts and overloads to ENV
|
106
106
|
def overload_vault(*filenames)
|
107
|
-
DotenvVault.logger.info("[dotenv-vault] Overloading encrypted .env.vault
|
107
|
+
DotenvVault.logger.info("[dotenv-vault] Overloading env from encrypted .env.vault") if DotenvVault.logger
|
108
108
|
|
109
109
|
parsed = parse_vault(*filenames)
|
110
110
|
|
@@ -117,31 +117,35 @@ module DotenvVault
|
|
117
117
|
def parse_vault(*filenames)
|
118
118
|
# DOTENV_KEY=development/key_1234
|
119
119
|
#
|
120
|
-
# Warn the developer unless
|
121
|
-
raise NotFoundDotenvKey, "NOT_FOUND_DOTENV_KEY: Cannot find ENV['DOTENV_KEY']" unless present?(
|
120
|
+
# Warn the developer unless present
|
121
|
+
raise NotFoundDotenvKey, "NOT_FOUND_DOTENV_KEY: Cannot find ENV['DOTENV_KEY']" unless present?(dotenv_key)
|
122
122
|
|
123
|
-
# Parse
|
124
|
-
|
123
|
+
# Parse .env.vault
|
124
|
+
parsed = Dotenv.parse(vault_path)
|
125
125
|
|
126
|
-
#
|
127
|
-
|
128
|
-
|
126
|
+
# handle scenario for comma separated keys - for use with key rotation
|
127
|
+
# example: DOTENV_KEY="dotenv://:key_1234@dotenv.org/vault/.env.vault?environment=prod,dotenv://:key_7890@dotenv.org/vault/.env.vault?environment=prod"
|
128
|
+
keys = dotenv_key.split(',')
|
129
129
|
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
130
|
+
decrypted = nil
|
131
|
+
keys.each_with_index do |split_dotenv_key, index|
|
132
|
+
begin
|
133
|
+
# Get full key
|
134
|
+
key = split_dotenv_key.strip
|
134
135
|
|
135
|
-
|
136
|
-
|
136
|
+
# Get instructions for decrypt
|
137
|
+
attrs = instructions(parsed, key)
|
137
138
|
|
138
|
-
|
139
|
-
|
140
|
-
ciphertext = parsed[environment_key] # DOTENV_VAULT_PRODUCTION
|
141
|
-
raise NotFoundDotenvEnvironment, "NOT_FOUND_DOTENV_ENVIRONMENT: Cannot locate #{environment_key} in .env.vault" unless ciphertext
|
139
|
+
# Decrypt
|
140
|
+
decrypted = decrypt(attrs[:ciphertext], attrs[:key])
|
142
141
|
|
143
|
-
|
144
|
-
|
142
|
+
break
|
143
|
+
rescue => error
|
144
|
+
# last key
|
145
|
+
raise error if index >= keys.length - 1
|
146
|
+
# try next key
|
147
|
+
end
|
148
|
+
end
|
145
149
|
|
146
150
|
# Parse decrypted .env string
|
147
151
|
Dotenv::Parser.call(decrypted, true)
|
@@ -152,7 +156,13 @@ module DotenvVault
|
|
152
156
|
end
|
153
157
|
|
154
158
|
def dotenv_key_present?
|
155
|
-
present?(
|
159
|
+
present?(dotenv_key) && dotenv_vault_present?
|
160
|
+
end
|
161
|
+
|
162
|
+
def dotenv_key
|
163
|
+
return ENV["DOTENV_KEY"] if present?(ENV["DOTENV_KEY"])
|
164
|
+
|
165
|
+
""
|
156
166
|
end
|
157
167
|
|
158
168
|
def dotenv_vault_present?
|
@@ -170,7 +180,7 @@ module DotenvVault
|
|
170
180
|
def decrypt(ciphertext, key)
|
171
181
|
key = key[-64..-1] # last 64 characters. allows for passing keys with preface like key_*****
|
172
182
|
|
173
|
-
raise InvalidDotenvKey, "INVALID_DOTENV_KEY: Key part must be 64 characters long (or more)" unless key.bytesize == 64
|
183
|
+
raise InvalidDotenvKey, "INVALID_DOTENV_KEY: Key part must be 64 characters long (or more)" unless key && key.bytesize == 64
|
174
184
|
|
175
185
|
lockbox = Lockbox.new(key: key, encode: true)
|
176
186
|
begin
|
@@ -179,4 +189,28 @@ module DotenvVault
|
|
179
189
|
raise DecryptionFailed, "DECRYPTION_FAILED: Please check your DOTENV_KEY"
|
180
190
|
end
|
181
191
|
end
|
192
|
+
|
193
|
+
def instructions(parsed, split_dotenv_key)
|
194
|
+
# Parse DOTENV_KEY. Format is a URI
|
195
|
+
uri = URI.parse(split_dotenv_key) # dotenv://:key_1234@dotenv.org/vault/.env.vault?environment=production
|
196
|
+
|
197
|
+
# Get decrypt key
|
198
|
+
key = uri.password
|
199
|
+
raise InvalidDotenvKey, "INVALID_DOTENV_KEY: Missing key part" unless present?(key)
|
200
|
+
|
201
|
+
# Get environment
|
202
|
+
params = Hash[URI::decode_www_form(uri.query.to_s)]
|
203
|
+
environment = params["environment"]
|
204
|
+
raise InvalidDotenvKey, "INVALID_DOTENV_KEY: Missing environment part" unless present?(environment)
|
205
|
+
|
206
|
+
# Get ciphertext payload
|
207
|
+
environment_key = "DOTENV_VAULT_#{environment.upcase}"
|
208
|
+
ciphertext = parsed[environment_key] # DOTENV_VAULT_PRODUCTION
|
209
|
+
raise NotFoundDotenvEnvironment, "NOT_FOUND_DOTENV_ENVIRONMENT: Cannot locate #{environment_key} in .env.vault" unless ciphertext
|
210
|
+
|
211
|
+
{
|
212
|
+
ciphertext: ciphertext,
|
213
|
+
key: key
|
214
|
+
}
|
215
|
+
end
|
182
216
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dotenv-vault
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.10.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- motdotla
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2023-07-28 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dotenv
|
@@ -80,7 +80,7 @@ dependencies:
|
|
80
80
|
- - ">="
|
81
81
|
- !ruby/object:Gem::Version
|
82
82
|
version: '0'
|
83
|
-
description:
|
83
|
+
description: Decrypt .env.vault file.
|
84
84
|
email:
|
85
85
|
- mot@mot.la
|
86
86
|
executables: []
|
@@ -113,7 +113,7 @@ metadata:
|
|
113
113
|
homepage_uri: https://github.com/dotenv-org/dotenv-vault-ruby
|
114
114
|
source_code_uri: https://github.com/dotenv-org/dotenv-vault-ruby
|
115
115
|
changelog_uri: https://github.com/dotenv-org/dotenv-vault-ruby
|
116
|
-
post_install_message:
|
116
|
+
post_install_message:
|
117
117
|
rdoc_options: []
|
118
118
|
require_paths:
|
119
119
|
- lib
|
@@ -128,8 +128,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
128
128
|
- !ruby/object:Gem::Version
|
129
129
|
version: '0'
|
130
130
|
requirements: []
|
131
|
-
rubygems_version: 3.
|
132
|
-
signing_key:
|
131
|
+
rubygems_version: 3.3.26
|
132
|
+
signing_key:
|
133
133
|
specification_version: 4
|
134
|
-
summary:
|
134
|
+
summary: Decrypt .env.vault file.
|
135
135
|
test_files: []
|