dry-credentials 0.3.1 → 0.4.0
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +1 -1
- data/CHANGELOG.md +7 -8
- data/README.md +39 -3
- data/lib/dry/credentials/errors.rb +4 -0
- data/lib/dry/credentials/extension.rb +14 -0
- data/lib/dry/credentials/version.rb +1 -1
- data.tar.gz.sig +0 -0
- metadata +2 -2
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 428ea0b2385819b812ad62af920ee88b852e1306560aa15fb680d2b3a5edae08
|
4
|
+
data.tar.gz: aecced4b5e35e8ebaa987dbffd0a71ac19e2d444db812cd4605701938e9131e7
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: c2fd0a0324bbea4a1ddf74fef14d64b269912eb209cf4154fe97354231408e71955ac95d6927f9d38741e148a7a047e401f5c22ca6baad6cf449035ed751807f
|
7
|
+
data.tar.gz: ab0dc642e603123d8d2c53575c1dd7a5cb632fcc3f1fd5f3352ecf1b7a2569371fe1aead616bcb09312912993b9a0b8f320c69efb86a97615ef7a15fdfdbf8da
|
checksums.yaml.gz.sig
CHANGED
@@ -1 +1 @@
|
|
1
|
-
|
1
|
+
�rҗ$�:/|��s��IO2+9���ALq[���j���*�T�@��&W�_���������x���SCU>K�s��-����{�b�l"���i�q4���f��,z$���FF��7H���ʑh,RW���$�ui�� d� 3�y'�!���"(9 si�$F�y.N~_])�!y8R�ɏb�K�2�rz�j[����BKpv���&��pp�6�C6��yq���|�#`���)�UB7�颠u����/سnI��
|
data/CHANGELOG.md
CHANGED
@@ -2,39 +2,38 @@
|
|
2
2
|
|
3
3
|
Nothing so far
|
4
4
|
|
5
|
+
## 0.4.0
|
6
|
+
|
7
|
+
#### Additions
|
8
|
+
* Dynamic secrets
|
9
|
+
|
5
10
|
## 0.3.1
|
6
11
|
|
7
|
-
|
12
|
+
#### Changes
|
13
|
+
* Update Ruby to 3.4
|
8
14
|
|
9
15
|
## 0.3.0
|
10
16
|
|
11
17
|
#### Additions
|
12
|
-
|
13
18
|
* Support generic fallback environment variable +CREDENTIALS_KEY+
|
14
19
|
|
15
20
|
## 0.2.1
|
16
21
|
|
17
|
-
## 0.2.1
|
18
|
-
|
19
22
|
#### Additions
|
20
|
-
|
21
23
|
* Add square brackets setter for settings
|
22
24
|
* Explain integrations for Bridgetown, Hanami 2 and Rodbot
|
23
25
|
|
24
26
|
## 0.2.0
|
25
27
|
|
26
28
|
#### Breaking changes
|
27
|
-
|
28
29
|
* Fall back to `APP_ENV` instead of `RACK_ENV`
|
29
30
|
|
30
31
|
#### Fixes
|
31
|
-
|
32
32
|
* Don't re-encrypt if credentials haven't been modified
|
33
33
|
|
34
34
|
## 0.1.0
|
35
35
|
|
36
36
|
#### Initial implementation
|
37
|
-
|
38
37
|
* Require Ruby 3.0 or newer
|
39
38
|
* Class mixin featuring the `credentials` macro:
|
40
39
|
* Block to change (default) settings such as the cipher
|
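Review bot: The new `## 0.4.0` entry lists only "Dynamic secrets" and does not name the public API that ships with it. Mentioning `define!` and the new `Dry::Credentials::DefineError` under "Additions" would let users who scan the changelog find the method and the exception they may need to rescue.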
data/README.md
CHANGED
@@ -122,7 +122,7 @@ By default, the current environment is read from `APP_ENV`. You shouldn't use `R
|
|
122
122
|
|
123
123
|
⚠️ For safety reasons, don't share the same key across multiple environments!
|
124
124
|
|
125
|
-
## Reload
|
125
|
+
## Reload credentials
|
126
126
|
|
127
127
|
The credentials are lazy loaded when queried for the first time. After that, changes in the encrypted credentials files are not taken into account at runtime for efficiency reasons.
|
128
128
|
|
@@ -134,7 +134,7 @@ App.credentials.reload!
|
|
134
134
|
|
135
135
|
The reload is not done immediately but the next time credentials are queried.
|
136
136
|
|
137
|
-
## Edit
|
137
|
+
## Edit credentials
|
138
138
|
|
139
139
|
This gem does not provide any CLI tools to edit the credentials. You should integrate it into your app instead e.g. with a Rake task or an extension to the CLI tool of the app framework you're using.
|
140
140
|
|
@@ -146,6 +146,40 @@ App.credentials.edit! "production"
|
|
146
146
|
|
147
147
|
Editing credentials implicitly schedules a `reload!`.
|
148
148
|
|
149
|
+
## Dynamic secrets
|
150
|
+
|
151
|
+
In case you have to partition secrets beyond environments, you can set dynamic secrets which are composed on the fly. Here's an example.
|
152
|
+
|
153
|
+
You want to be able to connect to a shared database for the test environment, but the database URL differs whether you run the tests locally or on your favourite CI platform. To differ between the two, you set an environment variable `CONTEXT` which is either `local` or `ci` and you defined the secrets accordingly:
|
154
|
+
|
155
|
+
```yaml
|
156
|
+
database_url:
|
157
|
+
local: postgres://localhost:5432/example
|
158
|
+
ci: postgres://testuser:testpassword@remote.db.example.com:5432/example
|
159
|
+
```
|
160
|
+
|
161
|
+
To get the actual database URL, you have to:
|
162
|
+
|
163
|
+
```ruby
|
164
|
+
App.credentials.database_url.send(ENV['CONTEXT'])
|
165
|
+
```
|
166
|
+
|
167
|
+
This is okay, but it may grow a lot longer and less readable in a real app. Enter dynamic secrets which are composed according to your needs:
|
168
|
+
|
169
|
+
```ruby
|
170
|
+
App.credentials.define! :current_database_url do |credentials|
|
171
|
+
credentials.database_url.send(ENV['CONTEXT'])
|
172
|
+
end
|
173
|
+
```
|
174
|
+
|
175
|
+
Dynamic secrets are then available like any other secret, however, the block is called every time you query the dynamic secret:
|
176
|
+
|
177
|
+
```ruby
|
178
|
+
App.credentials.current_database_url # => "postgres://localhost..."
|
179
|
+
```
|
180
|
+
|
181
|
+
⚠️ Don't try to use the same key for a dynamic secret as for an existing regular one since this could create an endless loop and therefore any such attempt will raise a `Dry::Credentials::DefineError`.
|
182
|
+
|
149
183
|
## Settings
|
150
184
|
|
151
185
|
If you have to, you can access the settings programmatically:
|
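Review bot: In the added "Dynamic secrets" examples, `database_url.send(ENV['CONTEXT'])` lets an environment variable choose the method to call, and `send` also reaches private methods; with `CONTEXT` unset it passes `nil` and fails with a `TypeError` instead of a clear configuration error. README snippets get copied into apps, so consider showing `public_send` with the value read via `ENV.fetch('CONTEXT')` and checked against the two documented values `local` and `ci` before it is used.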
@@ -180,7 +214,9 @@ To use credentials in a [Hanami 2](https//hanami.org) app, first add this gem to
|
|
180
214
|
Hanami.app.register_provider :credentials do
|
181
215
|
prepare do
|
182
216
|
require "dry-credentials"
|
217
|
+
end
|
183
218
|
|
219
|
+
start do
|
184
220
|
Dry::Credentials::Extension.new.then do |credentials|
|
185
221
|
credentials[:env] = Hanami.env
|
186
222
|
credentials[:dir] = Hanami.app.root.join(credentials[:dir])
|
@@ -263,7 +299,7 @@ end
|
|
263
299
|
|
264
300
|
### Ruby on Rails
|
265
301
|
|
266
|
-
ActiveSupport implements [encrypted configuration](https://www.rubydoc.info/gems/activesupport/ActiveSupport/EncryptedConfiguration) which is used by `rails credentials:edit` [out of the box]((https://guides.rubyonrails.org/security.html#custom-credentials)). There
|
302
|
+
ActiveSupport implements [encrypted configuration](https://www.rubydoc.info/gems/activesupport/ActiveSupport/EncryptedConfiguration) which is used by `rails credentials:edit` [out of the box]((https://guides.rubyonrails.org/security.html#custom-credentials)). There not much benefit from introducing Dry::Credentials as an additional dependency.
|
267
303
|
|
268
304
|
### Rodbot
|
269
305
|
|
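Review bot: The replacement paragraph under "Ruby on Rails" still reads "There not much benefit", which is missing "is", and the "out of the box" link keeps the doubled parentheses `((https://guides.rubyonrails.org/security.html#custom-credentials))`, so it will not render as a link. Both are on the `+` line and can be fixed in the same change.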
@@ -21,5 +21,9 @@ module Dry
|
|
21
21
|
class YAMLFormatError < StandardError
|
22
22
|
def initialize(msg='top level must be a dictionary') = super
|
23
23
|
end
|
24
|
+
|
25
|
+
class DefineError < StandardError
|
26
|
+
def initialize(msg='cowardly refusing to redefine existing key') = super
|
27
|
+
end
|
24
28
|
end
|
25
29
|
end
|
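Review bot: The default message of the new `DefineError`, 'cowardly refusing to redefine existing key', does not say which key collided, and `define!` raises the class without arguments, so the caller never sees the name. Consider passing the key through and interpolating it into the message, so a failed definition at boot can be diagnosed from the log alone.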
@@ -47,6 +47,20 @@ module Dry
|
|
47
47
|
end
|
48
48
|
end
|
49
49
|
|
50
|
+
# Define a dynamic secret
|
51
|
+
#
|
52
|
+
# @param key [Symbol, String] name of the dynamic secret
|
53
|
+
# @yield [Dry::Credentials::Extension] compose the dynamic secret using
|
54
|
+
# the static credentials yielded and other inputs such as `ENV`
|
55
|
+
# @yieldreturn [Object] dynamic secret
|
56
|
+
# @raise [Types] description
|
57
|
+
# @return [self]
|
58
|
+
def define!(key, &block)
|
59
|
+
fail Dry::Credentials::DefineError if respond_to? key
|
60
|
+
define_singleton_method(key) { block.call(self) }
|
61
|
+
self
|
62
|
+
end
|
63
|
+
|
50
64
|
# Query settings
|
51
65
|
#
|
52
66
|
# @param setting [String] name of the setting
|
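Review bot: The guard in `define!`, `fail Dry::Credentials::DefineError if respond_to? key`, only sees public methods, so a key that matches a private method of the object (for instance `fail` itself) passes the check and `define_singleton_method` then shadows it; `respond_to?(key, true)` would refuse those as well. Two smaller points in the same hunk: the doc comment still carries the template line `# @raise [Types] description`, which should name `Dry::Credentials::DefineError`, and a call without a block is accepted and only breaks later when `block.call(self)` runs on `nil`, so raising an `ArgumentError` up front when no block is given would be clearer.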
data.tar.gz.sig
CHANGED
Binary file
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dry-credentials
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sven Schwyn
|
@@ -28,7 +28,7 @@ cert_chain:
|
|
28
28
|
jTyRsT1gymASS2KHe+BaCTwD74GqO8q4woYLZgXnJ/PvgcFgY2FEi2Kn/sXLp4JE
|
29
29
|
boIgxQCMT+nxBHCD
|
30
30
|
-----END CERTIFICATE-----
|
31
|
-
date:
|
31
|
+
date: 2025-01-05 00:00:00.000000000 Z
|
32
32
|
dependencies:
|
33
33
|
- !ruby/object:Gem::Dependency
|
34
34
|
name: base64
|
metadata.gz.sig
CHANGED
Binary file
|