dry-credentials 0.3.1 → 0.4.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: '059c7a02cdb5b067ad93852c53e2249da715146753df8257eb0f64263f80a392'
4
- data.tar.gz: 54ab5c829f2f9bdf0543832f0f8eb292d586a4e5a0ad41d95a9e10696428312e
3
+ metadata.gz: 428ea0b2385819b812ad62af920ee88b852e1306560aa15fb680d2b3a5edae08
4
+ data.tar.gz: aecced4b5e35e8ebaa987dbffd0a71ac19e2d444db812cd4605701938e9131e7
5
5
  SHA512:
6
- metadata.gz: '063048e5fec98ca9cde997657b3a3afd1ef58040a4536cb9721cfe4c0f0a5f5e4d453db754aa147c2900b9045c8ad9ce9115f436d44cc769c2b81d65677bc053'
7
- data.tar.gz: 5b9203d7e779263e1faa8ec810882aa8bb51da7e663cc7667e9284549925a861aa96a56334c0c23c34f97d560a86468cb82a66a7f35797cf6d3dab50820df531
6
+ metadata.gz: c2fd0a0324bbea4a1ddf74fef14d64b269912eb209cf4154fe97354231408e71955ac95d6927f9d38741e148a7a047e401f5c22ca6baad6cf449035ed751807f
7
+ data.tar.gz: ab0dc642e603123d8d2c53575c1dd7a5cb632fcc3f1fd5f3352ecf1b7a2569371fe1aead616bcb09312912993b9a0b8f320c69efb86a97615ef7a15fdfdbf8da
checksums.yaml.gz.sig CHANGED
@@ -1 +1 @@
1
- oj=��]Vdw2�']D�$U��݌����hvhzI��U�vA�{.2�HCԟ����Qg֨�����Q���\MGF��k�U���m�ВT��b��Rj��B)͒}8��@;ۮ- ��t���ǚ]7n����3�<�kA�b�3R���i6w G��vc�>$e[��{7����ؐj7�#L:
1
+ rҗ$�:/|��s��IO2 +9���ALq[���j���*�T�@��&W_���������x���SCU>Ks��-����{�bl"���iq4���f��,z$���FF��7H���ʑh,RW���$�ui�� d3�y'�!���"(9 si�$F�y.N~_] )�!y8R�ɏb�K2rzj[����BKpv���&��pp�6�C6��yq���|�#`���)�UB7�颠u����/سnI��
data/CHANGELOG.md CHANGED
@@ -2,39 +2,38 @@
2
2
 
3
3
  Nothing so far
4
4
 
5
+ ## 0.4.0
6
+
7
+ #### Additions
8
+ * Dynamic secrets
9
+
5
10
  ## 0.3.1
6
11
 
7
- Nothing so far
12
+ #### Changes
13
+ * Update Ruby to 3.4
8
14
 
9
15
  ## 0.3.0
10
16
 
11
17
  #### Additions
12
-
13
18
  * Support generic fallback environment variable +CREDENTIALS_KEY+
14
19
 
15
20
  ## 0.2.1
16
21
 
17
- ## 0.2.1
18
-
19
22
  #### Additions
20
-
21
23
  * Add square brackets setter for settings
22
24
  * Explain integrations for Bridgetown, Hanami 2 and Rodbot
23
25
 
24
26
  ## 0.2.0
25
27
 
26
28
  #### Breaking changes
27
-
28
29
  * Fall back to `APP_ENV` instead of `RACK_ENV`
29
30
 
30
31
  #### Fixes
31
-
32
32
  * Don't re-encrypt if credentials haven't been modified
33
33
 
34
34
  ## 0.1.0
35
35
 
36
36
  #### Initial implementation
37
-
38
37
  * Require Ruby 3.0 or newer
39
38
  * Class mixin featuring the `credentials` macro:
40
39
  * Block to change (default) settings such as the cipher
data/README.md CHANGED
@@ -122,7 +122,7 @@ By default, the current environment is read from `APP_ENV`. You shouldn't use `R
122
122
 
123
123
  ⚠️ For safety reasons, don't share the same key across multiple environments!
124
124
 
125
- ## Reload Credentials
125
+ ## Reload credentials
126
126
 
127
127
  The credentials are lazy loaded when queried for the first time. After that, changes in the encrypted credentials files are not taken into account at runtime for efficiency reasons.
128
128
 
@@ -134,7 +134,7 @@ App.credentials.reload!
134
134
 
135
135
  The reload is not done immediately but the next time credentials are queried.
136
136
 
137
- ## Edit Credentials
137
+ ## Edit credentials
138
138
 
139
139
  This gem does not provide any CLI tools to edit the credentials. You should integrate it into your app instead e.g. with a Rake task or an extension to the CLI tool of the app framework you're using.
140
140
 
@@ -146,6 +146,40 @@ App.credentials.edit! "production"
146
146
 
147
147
  Editing credentials implicitly schedules a `reload!`.
148
148
 
149
+ ## Dynamic secrets
150
+
151
+ In case you have to partition secrets beyond environments, you can set dynamic secrets which are composed on the fly. Here's an example.
152
+
153
+ You want to be able to connect to a shared database for the test environment, but the database URL differs whether you run the tests locally or on your favourite CI platform. To differ between the two, you set an environment variable `CONTEXT` which is either `local` or `ci` and you defined the secrets accordingly:
154
+
155
+ ```yaml
156
+ database_url:
157
+ local: postgres://localhost:5432/example
158
+ ci: postgres://testuser:testpassword@remote.db.example.com:5432/example
159
+ ```
160
+
161
+ To get the actual database URL, you have to:
162
+
163
+ ```ruby
164
+ App.credentials.database_url.send(ENV['CONTEXT'])
165
+ ```
166
+
167
+ This is okay, but it may grow a lot longer and less readable in a real app. Enter dynamic secrets which are composed according to your needs:
168
+
169
+ ```ruby
170
+ App.credentials.define! :current_database_url do |credentials|
171
+ credentials.database_url.send(ENV['CONTEXT'])
172
+ end
173
+ ```
174
+
175
+ Dynamic secrets are then available like any other secret, however, the block is called every time you query the dynamic secret:
176
+
177
+ ```ruby
178
+ App.credentials.current_database_url # => "postgres://localhost..."
179
+ ```
180
+
181
+ ⚠️ Don't try to use the same key for a dynamic secret as for an existing regular one since this could create an endless loop and therefore any such attempt will raise a `Dry::Credentials::DefineError`.
182
+
149
183
  ## Settings
150
184
 
151
185
  If you have to, you can access the settings programmatically:
@@ -180,7 +214,9 @@ To use credentials in a [Hanami 2](https//hanami.org) app, first add this gem to
180
214
  Hanami.app.register_provider :credentials do
181
215
  prepare do
182
216
  require "dry-credentials"
217
+ end
183
218
 
219
+ start do
184
220
  Dry::Credentials::Extension.new.then do |credentials|
185
221
  credentials[:env] = Hanami.env
186
222
  credentials[:dir] = Hanami.app.root.join(credentials[:dir])
@@ -263,7 +299,7 @@ end
263
299
 
264
300
  ### Ruby on Rails
265
301
 
266
- ActiveSupport implements [encrypted configuration](https://www.rubydoc.info/gems/activesupport/ActiveSupport/EncryptedConfiguration) which is used by `rails credentials:edit` [out of the box]((https://guides.rubyonrails.org/security.html#custom-credentials)). There's no benefit from introducing an additional dependency like Dry::Credentials.
302
+ ActiveSupport implements [encrypted configuration](https://www.rubydoc.info/gems/activesupport/ActiveSupport/EncryptedConfiguration) which is used by `rails credentials:edit` [out of the box]((https://guides.rubyonrails.org/security.html#custom-credentials)). There not much benefit from introducing Dry::Credentials as an additional dependency.
267
303
 
268
304
  ### Rodbot
269
305
 
@@ -21,5 +21,9 @@ module Dry
21
21
  class YAMLFormatError < StandardError
22
22
  def initialize(msg='top level must be a dictionary') = super
23
23
  end
24
+
25
+ class DefineError < StandardError
26
+ def initialize(msg='cowardly refusing to redefine existing key') = super
27
+ end
24
28
  end
25
29
  end
@@ -47,6 +47,20 @@ module Dry
47
47
  end
48
48
  end
49
49
 
50
+ # Define a dynamic secret
51
+ #
52
+ # @param key [Symbol, String] name of the dynamic secret
53
+ # @yield [Dry::Credentials::Extension] compose the dynamic secret using
54
+ # the static credentials yielded and other inputs such as `ENV`
55
+ # @yieldreturn [Object] dynamic secret
56
+ # @raise [Types] description
57
+ # @return [self]
58
+ def define!(key, &block)
59
+ fail Dry::Credentials::DefineError if respond_to? key
60
+ define_singleton_method(key) { block.call(self) }
61
+ self
62
+ end
63
+
50
64
  # Query settings
51
65
  #
52
66
  # @param setting [String] name of the setting
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Dry
4
4
  module Credentials
5
- VERSION = "0.3.1"
5
+ VERSION = "0.4.0"
6
6
  end
7
7
  end
data.tar.gz.sig CHANGED
Binary file
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dry-credentials
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.1
4
+ version: 0.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sven Schwyn
@@ -28,7 +28,7 @@ cert_chain:
28
28
  jTyRsT1gymASS2KHe+BaCTwD74GqO8q4woYLZgXnJ/PvgcFgY2FEi2Kn/sXLp4JE
29
29
  boIgxQCMT+nxBHCD
30
30
  -----END CERTIFICATE-----
31
- date: 2024-12-25 00:00:00.000000000 Z
31
+ date: 2025-01-05 00:00:00.000000000 Z
32
32
  dependencies:
33
33
  - !ruby/object:Gem::Dependency
34
34
  name: base64
metadata.gz.sig CHANGED
Binary file