dry-credentials 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 80d0cd76bf93e1c24651a2f55d9b2ca8493a33aab603e97bcf68db5ad1b3d88a
-  data.tar.gz: 14e831c767bb3b4b302b6cd042af12af3ebc21402290c9311773572ffd39dbf0
+  metadata.gz: a87f2e29c53fafba34356002ee07e2eb2d31fba25135d51b9098b34171a771cb
+  data.tar.gz: d675791b951d5220f8dafc35330deb022eea62cd2bc82f7e84963d9504441763
 SHA512:
-  metadata.gz: 0057adafdb86c53b705125c7ef9317673010633b41a3856d1ac3cd27fd050925d0a8ded61b92b13e13bff9edbe3c7d85937445ec4a1aa9d07f627a4a6f5d135e
-  data.tar.gz: 46f17ca1795ad86c964fa78605b02c84a36c598cd1466823dac843181fb79d71b2f9a162c3cfea3482a80105d9a5543cf9da6c2b34fab5cf2facca939506afd4
+  metadata.gz: 0a13c705e06e11791408562219391cf524d7e1d17069cfcfd1d9469cb41187bf7649be21df8b230435c487621b90a2d86f05b19d54bb52dab7a09f215a042b25
+  data.tar.gz: 0c07cae029dc55ba469e469a4f250f36ae73064ec8d5529b6a9f6f9239757eb1ce95ceae7471bb6d959c60e2419fd559de3a6169204bf99c2d15bae726431c43

data/CHANGELOG.md

@@ -2,9 +2,24 @@
 
 Nothing so far
 
+## 0.3.0
+
+#### Additions
+
+* Support generic fallback environment variable +CREDENTIALS_KEY+
+
+## 0.2.1
+
+## 0.2.1
+
+#### Additions
+
+* Add square brackets setter for settings
+* Explain integrations for Bridgetown, Hanami 2 and Rodbot
+
 ## 0.2.0
 
-#### Breaking Changes
+#### Breaking changes
 
 * Fall back to `APP_ENV` instead of `RACK_ENV`
 
@@ -14,7 +29,7 @@ Nothing so far
 
 ## 0.1.0
 
-#### Initial Implementation
+#### Initial implementation
 
 * Require Ruby 3.0 or newer
 * Class mixin featuring the `credentials` macro:

data/README.md

@@ -1,7 +1,7 @@
 [![Version](https://img.shields.io/gem/v/dry-credentials.svg?style=flat)](https://rubygems.org/gems/dry-credentials)
 [![Tests](https://img.shields.io/github/actions/workflow/status/svoop/dry-credentials/test.yml?style=flat&label=tests)](https://github.com/svoop/dry-credentials/actions?workflow=Test)
 [![Code Climate](https://img.shields.io/codeclimate/maintainability/svoop/dry-credentials.svg?style=flat)](https://codeclimate.com/github/svoop/dry-credentials/)
-[![Donorbox](https://img.shields.io/badge/donate-on_donorbox-yellow.svg)](https://donorbox.org/bitcetera)
+[![GitHub Sponsors](https://img.shields.io/github/sponsors/svoop.svg)](https://github.com/sponsors/svoop)
 
 # Dry::Credentials
 
@@ -13,6 +13,8 @@ While similar in purpose to ActiveSupport::EncryptedConfiguration, this lightwei
 * [API](https://www.rubydoc.info/gems/dry-credentials)
 * Author: [Sven Schwyn - Bitcetera](https://bitcetera.com)
 
+Thank you for supporting free and open-source software by sponsoring on [GitHub](https://github.com/sponsors/svoop) or on [Donorbox](https://donorbox.com/bitcetera). Any gesture is appreciated, from a single Euro for a ☕️ cup of coffee to 🍹 early retirement.
+
 ## Install
 
 ### Security
@@ -37,6 +39,8 @@ And then install the bundle:
 bundle install --trust-policy MediumSecurity
 ```
 
+See [Integrations](#integrations) below for how to integrate Dry::Credentials into frameworks.
+
 ## Usage
 
 Extend any class with `Dry::Credentials` to use the [default settings](#defaults):
@@ -94,6 +98,12 @@ To decrypt the credentials and use them in your app, you have to set just this o
 export SANDBOX_CREDENTIALS_KEY=68656973716a4e706e336733377245732b6e77584c6c772b5432446532456f674767664271374a623876383d
 ```
 
+Alternatively, you can omit the first part of the variable name. Such a key will be used for any app environment, but a more specific key will always take precedence. This is particularly useful when working with containerized setups:
+
+```sh
+export CREDENTIALS_KEY=68656973716a4e706e336733377245732b6e77584c6c772b5432446532456f674767664271374a623876383d
+```
+
 With this in place, you can use the decrypted credentials anywhere in your app:
 
 ```ruby
@@ -154,6 +164,111 @@ Setting | Default | Description
 `digest` | `"sha256"` | sign digest used if the cipher doesn't support AEAD
 `serializer` | `Marshal` | serializer responding to `dump` and `load`
 
+## Integrations
+
+### Bridgetown
+
+The [bridgetown_credentials gem](https://github.com/svoop/bridgetown_credentials) integrates Dry::Credentials into your [Bridgetown](https://www.bridgetownrb.com) site.
+
+### Hanami 2
+
+To use credentials in a [Hanami 2](https//hanami.org) app, first add this gem to the Gemfile of the app and then create a provider `config/providers/credentials.rb`:
+
+```ruby
+# frozen_string_literal: true
+
+Hanami.app.register_provider :credentials do
+  prepare do
+    require "dry-credentials"
+
+    Dry::Credentials::Extension.new.then do |credentials|
+      credentials[:env] = Hanami.env
+      credentials[:dir] = Hanami.app.root.join(credentials[:dir])
+      credentials[:dir].mkpath
+      credentials.load!
+      register "credentials", credentials
+    end
+  end
+end
+```
+
+Next up are Rake tasks `lib/tasks/credentials.rake`:
+
+```ruby
+namespace :credentials do
+  desc "Edit (or create) the encrypted credentials file"
+  task :edit, [:env] => [:environment] do |_, args|
+    Hanami.app.prepare(:credentials)
+    Hanami.app['credentials'].edit! args[:env]
+  end
+end
+```
+
+(As of Hanami 2.1, you have to [explicitly load such tasks in the Rakefile](https://github.com/hanami/hanami/issues/1375) yourself.)
+
+You can now create a new credentials file for the development environment:
+
+```
+rake credentials:edit
+```
+
+This prints the credentials key you have to set in `.env`:
+
+```
+DEVELOPMENT_CREDENTIALS_KEY=...
+```
+
+The credentials are now available anywhere you inject them:
+
+```ruby
+module MyHanamiApp
+  class ApiKeyPrinter
+    include Deps[
+      "credentials"
+    ]
+
+    def call
+      puts credentials.api_key
+    end
+  end
+end
+```
+
+You can use the credentials in other providers. Say, you want to pass the [ROM](https://rom-rb.org/) database URL (which contains the connection password) using credentials instead of settings. Simply replace `target["settings"].database_url` with `target["credentials"].database_url` and you're good to go:
+
+```ruby
+Hanami.app.register_provider :persistence, namespace: true do
+  prepare do
+    require "rom"
+
+    config = ROM::Configuration.new(:sql, target["credentials"].database_url)
+
+    register "config", config
+    register "db", config.gateways[:default].connection
+  end
+
+  (...)
+end
+```
+
+Finally, if you have trouble using the credentials in slices, you might have to [share this app component](https://www.rubydoc.info/gems/hanami/Hanami/Config#shared_app_component_keys-instance_method) in `config/app.rb`:
+
+```ruby
+module MyHanamiApp
+  class App < Hanami::App
+    config.shared_app_component_keys += ["credentials"]
+  end
+end
+```
+
+### Ruby on Rails
+
+ActiveSupport implements [encrypted configuration](https://www.rubydoc.info/gems/activesupport/ActiveSupport/EncryptedConfiguration) which is used by `rails credentials:edit` [out of the box]((https://guides.rubyonrails.org/security.html#custom-credentials)). There's no benefit from introducing an additional dependency like Dry::Credentials.
+
+### Rodbot
+
+Dry::Credentials is integrated into [Rodbot](https://github.com/svoop/rodbot) out of the box, see [the README for more](https://github.com/svoop/rodbot/blob/main/README.md#credentials).
+
 ## Development
 
 To install the development dependencies and then run the test suite:

data/lib/dry/credentials/extension.rb

@@ -55,6 +55,14 @@ module Dry
         @settings.send(setting)
       end
 
+      # Change settings
+      #
+      # @param setting [String] name of the setting
+      # @param value [Object] new value of the setting
+      def []=(setting, value)
+        @settings.send(setting, value)
+      end
+
     end
   end
 end

data/lib/dry/credentials/helpers.rb

@@ -75,7 +75,7 @@ module Dry
         if create?
           ENV[key_ev] = encryptor.generate_key
         else
-          ENV[key_ev] or fail Dry::Credentials::KeyNotSetError
+          (ENV[key_ev] || ENV['CREDENTIALS_KEY']) or fail Dry::Credentials::KeyNotSetError
         end
       end
 

data/lib/dry/credentials/version.rb

@@ -2,6 +2,6 @@
 
 module Dry
   module Credentials
-    VERSION = "0.2.0"
+    VERSION = "0.3.0"
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dry-credentials
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Sven Schwyn
@@ -11,8 +11,8 @@ cert_chain:
 - |
   -----BEGIN CERTIFICATE-----
   MIIDODCCAiCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDDBhydWJ5
-  L0RDPWJpdGNldGVyYS9EQz1jb20wHhcNMjIxMTA2MTIzNjUwWhcNMjMxMTA2MTIz
-  NjUwWjAjMSEwHwYDVQQDDBhydWJ5L0RDPWJpdGNldGVyYS9EQz1jb20wggEiMA0G
+  L0RDPWJpdGNldGVyYS9EQz1jb20wHhcNMjQxMTIwMjExMDIwWhcNMjUxMTIwMjEx
+  MDIwWjAjMSEwHwYDVQQDDBhydWJ5L0RDPWJpdGNldGVyYS9EQz1jb20wggEiMA0G
   CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcLg+IHjXYaUlTSU7R235lQKD8ZhEe
   KMhoGlSUonZ/zo1OT3KXcqTCP1iMX743xYs6upEGALCWWwq+nxvlDdnWRjF3AAv7
   ikC+Z2BEowjyeCCT/0gvn4ohKcR0JOzzRaIlFUVInlGSAHx2QHZ2N8ntf54lu7nd
@@ -21,16 +21,30 @@ cert_chain:
   PVa0i729A4IhroNnFNmw4wOC93ARNbM1+LW36PLMmKjKudf5Exg8VmDVAgMBAAGj
   dzB1MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBSfK8MtR62mQ6oN
   yoX/VKJzFjLSVDAdBgNVHREEFjAUgRJydWJ5QGJpdGNldGVyYS5jb20wHQYDVR0S
-  BBYwFIEScnVieUBiaXRjZXRlcmEuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAYG2na
-  ye8OE2DANQIFM/xDos/E4DaPWCJjX5xvFKNKHMCeQYPeZvLICCwyw2paE7Otwk6p
-  uvbg2Ks5ykXsbk5i6vxDoeeOLvmxCqI6m+tHb8v7VZtmwRJm8so0eSX0WvTaKnIf
-  CAn1bVUggczVdNoBXw9WAILKyw9bvh3Ft740XZrR74sd+m2pGwjCaM8hzLvrVbGP
-  DyYhlBeRWyQKQ0WDIsiTSRhzK8HwSTUWjvPwx7SEdIU/HZgyrk0ETObKPakVu6bH
-  kAyiRqgxF4dJviwtqI7mZIomWL63+kXLgjOjMe1SHxfIPo/0ji6+r1p4KYa7o41v
-  fwIwU1MKlFBdsjkd
+  BBYwFIEScnVieUBiaXRjZXRlcmEuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQDSeB1x
+  8QK8F/ML37isgvwGiQxovDUqu6Sq14cQ1qE9y5prUBmL2AsDuCBpXXctcvamFqNC
+  PgfJtj7ZZcXmY0SfKCog7T1btkr6zYxPXpxwUqB45n0I6v5qc0UCNvMEfBzxlak5
+  VW7UMNlKD9qukeN55hxuLF2F/sLldMcHUo/ATgdV4zk1t3sK6A9+02wz5K5qfWdM
+  Mi+XWXmGd57uojk3RcIXNwBRRP4DTKcKgVXhuyHb7q1vjTXrS6bw1Ortu0KmWOIk
+  jTyRsT1gymASS2KHe+BaCTwD74GqO8q4woYLZgXnJ/PvgcFgY2FEi2Kn/sXLp4JE
+  boIgxQCMT+nxBHCD
   -----END CERTIFICATE-----
-date: 2023-10-30 00:00:00.000000000 Z
+date: 2024-12-08 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: base64
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -73,6 +87,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest-substitute
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: minitest-flash
   requirement: !ruby/object:Gem::Requirement
@@ -203,7 +231,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.21
+rubygems_version: 3.5.23
 signing_key:
 specification_version: 4
 summary: A mixin to use encrypted credentials in your classes