ejson-rails 0.1.1 → 0.2.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: d6ed554914ffee19b94116f0ce94f3796b680ba0
4
- data.tar.gz: 1b4f1b1f4e81b8f6bcb1b1468ba5452e0ba5f5c1
2
+ SHA256:
3
+ metadata.gz: 69f79981ad2617db5951c38bdef5d9fb77dedd27e52378f3fa460e5af89435b0
4
+ data.tar.gz: 7ded0b73fc84ae62c508afa5e2c185f85edd83a12872a326c11a9df91292b577
5
5
  SHA512:
6
- metadata.gz: d42411a44030e8b7ca186f2e69c24df8deefcad1d49195108651e8358f4f0eceeee08a5311f7f497b6cd935eefdaca6765847a7588d9603301bf2ccf5059648c
7
- data.tar.gz: 90759c997260d05d7443315ab12adcd84c033aed5588450db8de6833f393dc62b2f67296cb5cf25889d989ff030edbe07faf2689b81b3461b0babec05e5c7c0e
6
+ metadata.gz: bbe4e714ed9a6f110a781e8f8e1fdde6a26695f949798dd8eabdd9ba59a5321a1928dc6d6b2d6f9b685c89232873b4fa00dbfac0daefd10acc7dee09baf8f2c2
7
+ data.tar.gz: 15e2abb7e802deeaa5358ec6cd10f52576a4402bf490bcae5121152fa1cde54d29cafd2899ccb4244274dd809f61b09331ff7e1d4d77dde38ce0fa9813f9ae1c
@@ -0,0 +1,39 @@
1
+ name: CI
2
+
3
+ on: push
4
+
5
+ jobs:
6
+ ruby-tests:
7
+ runs-on: ubuntu-latest
8
+
9
+ strategy:
10
+ matrix:
11
+ entry:
12
+ - name: Minimum Rails
13
+ ruby: '2.7'
14
+ gemfile: Gemfile.rails-min
15
+ - name: Latest Rails
16
+ ruby: '3.2'
17
+ gemfile: Gemfile.rails-latest
18
+ - name: Edge Rails
19
+ ruby: '3.2'
20
+ gemfile: "Gemfile.rails-edge"
21
+
22
+ name: ${{ matrix.entry.name }}
23
+ env:
24
+ BUNDLE_GEMFILE: gemfiles/${{ matrix.entry.gemfile }}
25
+ steps:
26
+ - uses: actions/checkout@v3
27
+ name: Checkout
28
+
29
+ - uses: ruby/setup-ruby@v1
30
+ name: Use Ruby ${{ matrix.entry.ruby }}
31
+ with:
32
+ ruby-version: ${{ matrix.entry.ruby }}
33
+ bundler-cache: true
34
+
35
+ - name: 💅🏼 Lint
36
+ run: bundle exec rubocop --fail-fast
37
+
38
+ - name: Test
39
+ run: bundle exec rake spec
@@ -0,0 +1,22 @@
1
+ name: Contributor License Agreement (CLA)
2
+
3
+ on:
4
+ pull_request_target:
5
+ types: [opened, synchronize]
6
+ issue_comment:
7
+ types: [created]
8
+
9
+ jobs:
10
+ cla:
11
+ runs-on: ubuntu-latest
12
+ if: |
13
+ (github.event.issue.pull_request
14
+ && !github.event.issue.pull_request.merged_at
15
+ && contains(github.event.comment.body, 'signed')
16
+ )
17
+ || (github.event.pull_request && !github.event.pull_request.merged)
18
+ steps:
19
+ - uses: Shopify/shopify-cla-action@v1
20
+ with:
21
+ github-token: ${{ secrets.GITHUB_TOKEN }}
22
+ cla-token: ${{ secrets.CLA_TOKEN }}
data/.gitignore CHANGED
@@ -9,6 +9,3 @@
9
9
 
10
10
  # rspec failure tracking
11
11
  .rspec_status
12
-
13
- # rubocop config
14
- .rubocop-http-*
data/.rubocop.yml CHANGED
@@ -1,5 +1,9 @@
1
- inherit_from:
2
- - http://shopify.github.io/ruby-style-guide/rubocop.yml
1
+ inherit_gem:
2
+ rubocop-shopify: rubocop.yml
3
3
 
4
4
  AllCops:
5
- TargetRubyVersion: 2.5.1
5
+ NewCops: disable
6
+ SuggestExtensions: false
7
+ TargetRubyVersion: 3.2
8
+ Exclude:
9
+ - vendor/bundle/**/*
data/.ruby-version CHANGED
@@ -1 +1 @@
1
- 2.5.1
1
+ 3.2.0
data/Gemfile CHANGED
@@ -6,3 +6,6 @@ git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
6
6
 
7
7
  # Specify your gem's dependencies in ejson-rails.gemspec
8
8
  gemspec
9
+
10
+ gem("rubocop", require: false)
11
+ gem("rubocop-shopify", require: false)
data/Gemfile.lock CHANGED
@@ -1,104 +1,150 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- ejson-rails (0.1.1)
4
+ ejson-rails (0.2.1)
5
5
  ejson
6
- railties (>= 4.1)
6
+ railties (>= 5.2)
7
7
 
8
8
  GEM
9
9
  remote: https://rubygems.org/
10
10
  specs:
11
- actionpack (5.2.0)
12
- actionview (= 5.2.0)
13
- activesupport (= 5.2.0)
14
- rack (~> 2.0)
11
+ actionpack (7.1.2)
12
+ actionview (= 7.1.2)
13
+ activesupport (= 7.1.2)
14
+ nokogiri (>= 1.8.5)
15
+ racc
16
+ rack (>= 2.2.4)
17
+ rack-session (>= 1.0.1)
15
18
  rack-test (>= 0.6.3)
16
- rails-dom-testing (~> 2.0)
17
- rails-html-sanitizer (~> 1.0, >= 1.0.2)
18
- actionview (5.2.0)
19
- activesupport (= 5.2.0)
19
+ rails-dom-testing (~> 2.2)
20
+ rails-html-sanitizer (~> 1.6)
21
+ actionview (7.1.2)
22
+ activesupport (= 7.1.2)
20
23
  builder (~> 3.1)
21
- erubi (~> 1.4)
22
- rails-dom-testing (~> 2.0)
23
- rails-html-sanitizer (~> 1.0, >= 1.0.3)
24
- activesupport (5.2.0)
24
+ erubi (~> 1.11)
25
+ rails-dom-testing (~> 2.2)
26
+ rails-html-sanitizer (~> 1.6)
27
+ activesupport (7.1.2)
28
+ base64
29
+ bigdecimal
25
30
  concurrent-ruby (~> 1.0, >= 1.0.2)
26
- i18n (>= 0.7, < 2)
27
- minitest (~> 5.1)
28
- tzinfo (~> 1.1)
29
- ast (2.4.0)
30
- builder (3.2.3)
31
- concurrent-ruby (1.0.5)
32
- crass (1.0.4)
33
- diff-lcs (1.3)
34
- ejson (1.1.0)
35
- erubi (1.7.1)
36
- i18n (1.0.1)
31
+ connection_pool (>= 2.2.5)
32
+ drb
33
+ i18n (>= 1.6, < 2)
34
+ minitest (>= 5.1)
35
+ mutex_m
36
+ tzinfo (~> 2.0)
37
+ ast (2.4.2)
38
+ base64 (0.2.0)
39
+ bigdecimal (3.1.4)
40
+ builder (3.2.4)
41
+ concurrent-ruby (1.2.2)
42
+ connection_pool (2.4.1)
43
+ crass (1.0.6)
44
+ diff-lcs (1.4.4)
45
+ drb (2.2.0)
46
+ ruby2_keywords
47
+ ejson (1.4.1)
48
+ erubi (1.12.0)
49
+ i18n (1.14.1)
37
50
  concurrent-ruby (~> 1.0)
38
- loofah (2.2.2)
51
+ io-console (0.6.0)
52
+ irb (1.10.0)
53
+ rdoc
54
+ reline (>= 0.3.8)
55
+ json (2.6.3)
56
+ loofah (2.22.0)
39
57
  crass (~> 1.0.2)
40
- nokogiri (>= 1.5.9)
41
- method_source (0.9.0)
42
- mini_portile2 (2.3.0)
43
- minitest (5.11.3)
44
- nokogiri (1.8.3)
45
- mini_portile2 (~> 2.3.0)
46
- parallel (1.12.1)
47
- parser (2.5.1.0)
48
- ast (~> 2.4.0)
49
- powerpack (0.1.1)
50
- rack (2.0.5)
51
- rack-test (1.0.0)
52
- rack (>= 1.0, < 3)
53
- rails-dom-testing (2.0.3)
54
- activesupport (>= 4.2.0)
58
+ nokogiri (>= 1.12.0)
59
+ mini_portile2 (2.8.5)
60
+ minitest (5.20.0)
61
+ mutex_m (0.2.0)
62
+ nokogiri (1.15.5)
63
+ mini_portile2 (~> 2.8.2)
64
+ racc (~> 1.4)
65
+ parallel (1.22.1)
66
+ parser (3.2.0.0)
67
+ ast (~> 2.4.1)
68
+ psych (5.1.1.1)
69
+ stringio
70
+ racc (1.7.3)
71
+ rack (3.0.8)
72
+ rack-session (2.0.0)
73
+ rack (>= 3.0.0)
74
+ rack-test (2.1.0)
75
+ rack (>= 1.3)
76
+ rackup (2.1.0)
77
+ rack (>= 3)
78
+ webrick (~> 1.8)
79
+ rails-dom-testing (2.2.0)
80
+ activesupport (>= 5.0.0)
81
+ minitest
55
82
  nokogiri (>= 1.6)
56
- rails-html-sanitizer (1.0.4)
57
- loofah (~> 2.2, >= 2.2.2)
58
- railties (5.2.0)
59
- actionpack (= 5.2.0)
60
- activesupport (= 5.2.0)
61
- method_source
62
- rake (>= 0.8.7)
63
- thor (>= 0.18.1, < 2.0)
64
- rainbow (3.0.0)
65
- rake (10.5.0)
66
- rspec (3.7.0)
67
- rspec-core (~> 3.7.0)
68
- rspec-expectations (~> 3.7.0)
69
- rspec-mocks (~> 3.7.0)
70
- rspec-core (3.7.1)
71
- rspec-support (~> 3.7.0)
72
- rspec-expectations (3.7.0)
83
+ rails-html-sanitizer (1.6.0)
84
+ loofah (~> 2.21)
85
+ nokogiri (~> 1.14)
86
+ railties (7.1.2)
87
+ actionpack (= 7.1.2)
88
+ activesupport (= 7.1.2)
89
+ irb
90
+ rackup (>= 1.0.0)
91
+ rake (>= 12.2)
92
+ thor (~> 1.0, >= 1.2.2)
93
+ zeitwerk (~> 2.6)
94
+ rainbow (3.1.1)
95
+ rake (13.0.6)
96
+ rdoc (6.6.0)
97
+ psych (>= 4.0.0)
98
+ regexp_parser (2.6.1)
99
+ reline (0.4.1)
100
+ io-console (~> 0.5)
101
+ rexml (3.2.5)
102
+ rspec (3.10.0)
103
+ rspec-core (~> 3.10.0)
104
+ rspec-expectations (~> 3.10.0)
105
+ rspec-mocks (~> 3.10.0)
106
+ rspec-core (3.10.1)
107
+ rspec-support (~> 3.10.0)
108
+ rspec-expectations (3.10.1)
73
109
  diff-lcs (>= 1.2.0, < 2.0)
74
- rspec-support (~> 3.7.0)
75
- rspec-mocks (3.7.0)
110
+ rspec-support (~> 3.10.0)
111
+ rspec-mocks (3.10.2)
76
112
  diff-lcs (>= 1.2.0, < 2.0)
77
- rspec-support (~> 3.7.0)
78
- rspec-support (3.7.1)
79
- rubocop (0.56.0)
113
+ rspec-support (~> 3.10.0)
114
+ rspec-support (3.10.2)
115
+ rubocop (1.43.0)
116
+ json (~> 2.3)
80
117
  parallel (~> 1.10)
81
- parser (>= 2.5)
82
- powerpack (~> 0.1)
118
+ parser (>= 3.2.0.0)
83
119
  rainbow (>= 2.2.2, < 4.0)
120
+ regexp_parser (>= 1.8, < 3.0)
121
+ rexml (>= 3.2.5, < 4.0)
122
+ rubocop-ast (>= 1.24.1, < 2.0)
84
123
  ruby-progressbar (~> 1.7)
85
- unicode-display_width (~> 1.0, >= 1.0.1)
86
- ruby-progressbar (1.9.0)
87
- thor (0.20.0)
88
- thread_safe (0.3.6)
89
- tzinfo (1.2.5)
90
- thread_safe (~> 0.1)
91
- unicode-display_width (1.3.2)
124
+ unicode-display_width (>= 2.4.0, < 3.0)
125
+ rubocop-ast (1.24.1)
126
+ parser (>= 3.1.1.0)
127
+ rubocop-shopify (2.11.1)
128
+ rubocop (~> 1.42)
129
+ ruby-progressbar (1.11.0)
130
+ ruby2_keywords (0.0.5)
131
+ stringio (3.1.0)
132
+ thor (1.3.0)
133
+ tzinfo (2.0.6)
134
+ concurrent-ruby (~> 1.0)
135
+ unicode-display_width (2.4.2)
136
+ webrick (1.8.1)
137
+ zeitwerk (2.6.12)
92
138
 
93
139
  PLATFORMS
94
140
  ruby
95
141
 
96
142
  DEPENDENCIES
97
- bundler (~> 1.16)
98
143
  ejson-rails!
99
- rake (~> 10.0)
144
+ rake (~> 13.0)
100
145
  rspec (~> 3.0)
101
- rubocop (~> 0.56)
146
+ rubocop
147
+ rubocop-shopify
102
148
 
103
149
  BUNDLED WITH
104
- 1.16.1
150
+ 2.3.17
data/LICENSE.txt CHANGED
@@ -1,6 +1,6 @@
1
1
  The MIT License (MIT)
2
2
 
3
- Copyright (c) 2018 Shopify
3
+ Copyright (c) 2018-present Shopify Inc.
4
4
 
5
5
  Permission is hereby granted, free of charge, to any person obtaining a copy
6
6
  of this software and associated documentation files (the "Software"), to deal
data/README.md CHANGED
@@ -1,8 +1,8 @@
1
1
  # EJSON::Rails
2
2
 
3
- [![Build Status](https://travis-ci.com/Shopify/ejson-rails.svg?token=ShuwwQhmf65yNstgcUSy&branch=master)](https://travis-ci.com/Shopify/ejson-rails)
3
+ [![Build Status](https://github.com/Shopify/ejson-rails/workflows/CI/badge.svg?branch=main)](https://github.com/Shopify/ejson-rails/actions?query=branch%3Amain)
4
4
 
5
- Automatically injects `ejson` decrypted secrets into your `Rails.application.secrets`.
5
+ Automatically injects [`ejson`](https://github.com/Shopify/ejson) decrypted secrets into your `Rails.application.secrets`.
6
6
 
7
7
  ## Installation
8
8
 
@@ -22,14 +22,122 @@ Or install it yourself as:
22
22
 
23
23
  ## Usage
24
24
 
25
- Decrypted secrets from `project/config/secrets.json` (or `project/config/secrets.{current_rails_environment}.json` if that doesn't exist) will be accessible via `Rails.application.secrets`. For example:
25
+ Decrypted secrets and credentials from `project/config/secrets.json` (or `project/config/secrets.{current_rails_environment}.json` if that doesn't exist) will be accessible via `Rails.application.secrets`. For example:
26
26
 
27
+ `# project/config/secrets.json`
27
28
  ```json
28
- // project/config/secrets.json
29
29
  { "some_secret": "key" }
30
30
  ```
31
31
 
32
- will be accessible via `Rails.application.secrets.some_secret` or `Rails.application.secrets[:some_secret]` on boot. JSON files are loaded once and contents are `deep_merge`'d into your app's existing rails secrets.
32
+ will be accessible via `Rails.application.secrets.some_secret` or `Rails.application.secrets[:some_secret]` upon booting. JSON files are loaded once and contents are `deep_merge`'d into your app's existing rails secrets.
33
+
34
+ Secrets will also be accessible via `Rails.application.credentials`, e.g. `Rails.application.credentials.some_secret` or `Rails.application.credentials[:some_secret]`. To avoid subtle compatibility issues, if a credential already exists, an error will occur.
35
+
36
+ If you set the `EJSON_RAILS_DELETE_SECRETS` environment variable to `true` the gem will automatically delete the secrets from the filesystem after loading them into Rails. It will delete both paths (`project/config/secrets.json` and `project/config/secrets.{current_rails_environment}.json`) if the files exist and are writable.
37
+
38
+ NOTE: This gem does not decrypt ejson for you. You will need to configure this as part of your deployment pipeline.
39
+
40
+ ## Migrating to credentials
41
+
42
+ Rails 7.1 has deprecated application secrets in favor of credentials. ejson-rails can migrate secrets to application credentials.
43
+
44
+ Even before running Rails 7.1, you can migrate your secrets in several steps:
45
+ 1. Convert secrets from YAML to JSON
46
+ 2. Move any ERB embedded within the YAML to the corresponding environment file
47
+ 3. Use `Rails.application.credentials` in place of Rails secrets
48
+
49
+ ### 1. Convert secrets from config/secrets.yml to config/secrets.json
50
+
51
+ Typically, secrets share the same structure across different environments. While test secrets are often placeholders, development secrets may sometimes use environment variables to communicate with external services.
52
+ In that case, the easiest way to migrate is to use the test secrets in all local environments, and override for development as needed:
53
+
54
+ ```sh-session
55
+ # Recommended
56
+ bin/rails runner -e test 'Rails.root.join("config/secrets.json").write(JSON.pretty_generate(Rails.application.secrets.to_h.without(:secret_key_base)))'
57
+ ```
58
+
59
+ > [!NOTE]
60
+ > Alternatively, if its necessary to configure distinct values between the development/test environment, you can use separate JSON files for the development/test environments:
61
+ >
62
+ > ```sh-session
63
+ > bin/rails runner 'Rails.root.join("config/secrets.#{Rails.env}.json").write(JSON.pretty_generate(Rails.application.secrets.to_h.without(:secret_key_base)))'
64
+ > bin/rails runner -e test 'Rails.root.join("config/secrets.#{Rails.env}.json").write(JSON.pretty_generate(Rails.application.secrets.to_h.without(:secret_key_base)))'
65
+ > ```
66
+
67
+ ### 2. Move any ERB into the corresponding environment files
68
+
69
+ YAML supports ERB while JSON secrets do not. If your secrets contain ERB, you will need to move that logic to the corresponding environment file:
70
+
71
+ **Before**:
72
+
73
+ `config/secrets.yml`
74
+ ```yaml
75
+ development:
76
+ some_external_service:
77
+ api_token: <%= ENV.fetch(SOME_EXTERNAL_SERVICE_API_TOKEN, "12345") %>
78
+ ```
79
+
80
+ **After**:
81
+
82
+ `config/secrets.json` as generated by the *recommended* command above.
83
+ ```json
84
+ {
85
+ "some_external_service": {
86
+ "api_token": "12345"
87
+ },
88
+ "something_else_entirely": "abc"
89
+ }
90
+ ```
91
+
92
+ `config/environments/development.rb`
93
+ ```ruby
94
+ Rails.application.configure do
95
+ # elided
96
+
97
+ credentials.some_external_service.api_token = ENV.fetch("SOME_EXTERNAL_SERVICE_API_TOKEN", "12345")
98
+ credentials.something_else_entirely = ENV.fetch("SOMETHING_ELSE_ENTIRELY", "abc")
99
+ end
100
+ ```
101
+
102
+ #### Rails 7.0 Note
103
+ > [!NOTE]
104
+ > In Rails 7.0, credentials are accessed as a Hash with [] and []=.. This is important because the dynamic accessor methods will set values in a different object, and credentials will behave inconsistently after that:
105
+
106
+ ```ruby
107
+ Rails.application.credentials.some_external_service.api_token = "foo"
108
+ Rails.application.credentials[:some_external_service][:api_token] # => "12345"
109
+ ```
110
+
111
+ Also note the code sets top-level values through `credentials.config`, because `credentials#[]=(key, value)` sets values in a different object.
112
+
113
+ ```ruby
114
+ Rails.application.credentials[:something_else_entirely] = "foo"
115
+ Rails.application.credentials[:something_else_entirely] # => "abc"
116
+ ```
117
+
118
+ Make sure there's no code using the dynamic accessors before setting the configuration in the Hash, or the values won't be accessible from the dynamic accessor:
119
+
120
+ ```ruby
121
+ Rails.application.credentials.something_else_entirely # just accessing is enough to cause the issue
122
+ Rails.application.credentials[:some_external_service][:api_token] = "foo"
123
+ Rails.application.credentials.some_external_service.api_token # => "12345"
124
+ ```
125
+
126
+ ### 3. Use `Rails.application.credentials`
127
+
128
+ You are now ready to replace Rails secrets with Rails credentials:
129
+
130
+ ```sh-session
131
+ git ls-files | xargs ruby -pi -e 'gsub("Rails.application.secrets", "Rails.application.credentials")' --
132
+ ```
133
+
134
+ To avoid the deprecation warning from the use of secrets in `ejson-rails` once you're running Rails 7.1, require another file from your Gemfile:
135
+
136
+ ```ruby
137
+ gem 'ejson-rails', require: 'ejson/rails/skip_secrets'
138
+ ```
139
+
140
+ With this require, ejson-rails will no longer merge secrets from JSON into `Rails.application.secrets`. This will be the default in the next major version.
33
141
 
34
142
  ## Development
35
143
 
data/ejson-rails.gemspec CHANGED
@@ -14,18 +14,20 @@ Gem::Specification.new do |spec|
14
14
  spec.description = "Rails secret management by encrypting values in a JSON hash with a public/private keypair"
15
15
  spec.homepage = "https://github.com/Shopify/ejson-rails"
16
16
  spec.license = "MIT"
17
- spec.files = `git ls-files -z`.split("\x0").reject do |f|
17
+ spec.files = %x(git ls-files -z).split("\x0").reject do |f|
18
18
  f.match(%r{^(test|spec|features)/})
19
19
  end
20
20
  spec.bindir = "exe"
21
21
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
22
22
  spec.require_paths = ["lib"]
23
23
 
24
- spec.add_dependency "ejson"
25
- spec.add_dependency "railties", ">= 4.1"
24
+ spec.metadata = { "allowed_push_host" => "https://rubygems.org" }
26
25
 
27
- spec.add_development_dependency "bundler", "~> 1.16"
28
- spec.add_development_dependency "rake", "~> 10.0"
29
- spec.add_development_dependency "rspec", "~> 3.0"
30
- spec.add_development_dependency "rubocop", "~> 0.56"
26
+ spec.required_ruby_version = ">= 2.7.0"
27
+
28
+ spec.add_dependency("ejson")
29
+ spec.add_dependency("railties", ">= 5.2")
30
+
31
+ spec.add_development_dependency("rake", "~> 13.0")
32
+ spec.add_development_dependency("rspec", "~> 3.0")
31
33
  end
@@ -0,0 +1,5 @@
1
+ source 'https://rubygems.org'
2
+
3
+ eval_gemfile('../Gemfile')
4
+
5
+ gem 'railties', github: 'rails/rails', branch: 'main'
@@ -0,0 +1,5 @@
1
+ source 'https://rubygems.org'
2
+
3
+ eval_gemfile('../Gemfile')
4
+
5
+ gem 'railties'
@@ -0,0 +1,5 @@
1
+ source 'https://rubygems.org'
2
+
3
+ eval_gemfile('../Gemfile')
4
+
5
+ gem 'railties', '5.2'
@@ -6,11 +6,26 @@ module EJSON
6
6
  private_constant :Rails
7
7
 
8
8
  class Railtie < Rails::Railtie
9
+ singleton_class.attr_accessor(:set_secrets)
10
+ @set_secrets = true
11
+
9
12
  config.before_configuration do
10
- json_files.each do |file|
11
- next unless valid?(file)
12
- secrets = JSON.parse(file.read, symbolize_names: true)
13
- break Rails.application.secrets.deep_merge!(secrets)
13
+ json_file = json_files.detect { |file| valid?(file) }
14
+ next unless json_file
15
+
16
+ secrets = JSON.parse(json_file.read, symbolize_names: true)
17
+ Rails.application.secrets.deep_merge!(secrets) if set_secrets
18
+ # Merging into `credentials.config` because in Rails 7.0, reading a credential with
19
+ # Rails.application.credentials[:some_credential] won't work otherwise.
20
+ Rails.application.credentials.config.deep_merge!(secrets) do |key|
21
+ raise "A credential already exists with the same name: #{key}"
22
+ end
23
+
24
+ # Delete the loaded JSON files so they are no longer readable by the app.
25
+ if ENV["EJSON_RAILS_DELETE_SECRETS"] == "true"
26
+ json_files.each do |pathname|
27
+ File.delete(pathname) if File.writable?(pathname)
28
+ end
14
29
  end
15
30
  end
16
31
 
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "ejson/rails"
4
+
5
+ EJSON::Rails::Railtie.set_secrets = false
@@ -2,6 +2,6 @@
2
2
 
3
3
  module EJSON
4
4
  module Rails
5
- VERSION = "0.1.1"
5
+ VERSION = "0.2.1"
6
6
  end
7
7
  end
data/lib/ejson/rails.rb CHANGED
@@ -1,4 +1,4 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require 'rails'
4
- require 'ejson/rails/railtie'
3
+ require "rails"
4
+ require "ejson/rails/railtie"
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ejson-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Gannon McGibbon
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2018-06-21 00:00:00.000000000 Z
11
+ date: 2023-12-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ejson
@@ -30,42 +30,28 @@ dependencies:
30
30
  requirements:
31
31
  - - ">="
32
32
  - !ruby/object:Gem::Version
33
- version: '4.1'
33
+ version: '5.2'
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - ">="
39
39
  - !ruby/object:Gem::Version
40
- version: '4.1'
41
- - !ruby/object:Gem::Dependency
42
- name: bundler
43
- requirement: !ruby/object:Gem::Requirement
44
- requirements:
45
- - - "~>"
46
- - !ruby/object:Gem::Version
47
- version: '1.16'
48
- type: :development
49
- prerelease: false
50
- version_requirements: !ruby/object:Gem::Requirement
51
- requirements:
52
- - - "~>"
53
- - !ruby/object:Gem::Version
54
- version: '1.16'
40
+ version: '5.2'
55
41
  - !ruby/object:Gem::Dependency
56
42
  name: rake
57
43
  requirement: !ruby/object:Gem::Requirement
58
44
  requirements:
59
45
  - - "~>"
60
46
  - !ruby/object:Gem::Version
61
- version: '10.0'
47
+ version: '13.0'
62
48
  type: :development
63
49
  prerelease: false
64
50
  version_requirements: !ruby/object:Gem::Requirement
65
51
  requirements:
66
52
  - - "~>"
67
53
  - !ruby/object:Gem::Version
68
- version: '10.0'
54
+ version: '13.0'
69
55
  - !ruby/object:Gem::Dependency
70
56
  name: rspec
71
57
  requirement: !ruby/object:Gem::Requirement
@@ -80,20 +66,6 @@ dependencies:
80
66
  - - "~>"
81
67
  - !ruby/object:Gem::Version
82
68
  version: '3.0'
83
- - !ruby/object:Gem::Dependency
84
- name: rubocop
85
- requirement: !ruby/object:Gem::Requirement
86
- requirements:
87
- - - "~>"
88
- - !ruby/object:Gem::Version
89
- version: '0.56'
90
- type: :development
91
- prerelease: false
92
- version_requirements: !ruby/object:Gem::Requirement
93
- requirements:
94
- - - "~>"
95
- - !ruby/object:Gem::Version
96
- version: '0.56'
97
69
  description: Rails secret management by encrypting values in a JSON hash with a public/private
98
70
  keypair
99
71
  email:
@@ -102,11 +74,12 @@ executables: []
102
74
  extensions: []
103
75
  extra_rdoc_files: []
104
76
  files:
77
+ - ".github/workflows/ci.yml"
78
+ - ".github/workflows/cla.yml"
105
79
  - ".gitignore"
106
80
  - ".rspec"
107
81
  - ".rubocop.yml"
108
82
  - ".ruby-version"
109
- - ".travis.yml"
110
83
  - Gemfile
111
84
  - Gemfile.lock
112
85
  - LICENSE.txt
@@ -115,17 +88,19 @@ files:
115
88
  - bin/console
116
89
  - bin/setup
117
90
  - ejson-rails.gemspec
118
- - gemfiles/Gemfile.rails-5-0-stable
119
- - gemfiles/Gemfile.rails-5-1-stable
120
- - gemfiles/Gemfile.rails-5-2-stable
91
+ - gemfiles/Gemfile.rails-edge
92
+ - gemfiles/Gemfile.rails-latest
93
+ - gemfiles/Gemfile.rails-min
121
94
  - lib/ejson/rails.rb
122
95
  - lib/ejson/rails/railtie.rb
96
+ - lib/ejson/rails/skip_secrets.rb
123
97
  - lib/ejson/rails/version.rb
124
98
  - shipit.rubygems.yml
125
99
  homepage: https://github.com/Shopify/ejson-rails
126
100
  licenses:
127
101
  - MIT
128
- metadata: {}
102
+ metadata:
103
+ allowed_push_host: https://rubygems.org
129
104
  post_install_message:
130
105
  rdoc_options: []
131
106
  require_paths:
@@ -134,15 +109,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
134
109
  requirements:
135
110
  - - ">="
136
111
  - !ruby/object:Gem::Version
137
- version: '0'
112
+ version: 2.7.0
138
113
  required_rubygems_version: !ruby/object:Gem::Requirement
139
114
  requirements:
140
115
  - - ">="
141
116
  - !ruby/object:Gem::Version
142
117
  version: '0'
143
118
  requirements: []
144
- rubyforge_project:
145
- rubygems_version: 2.6.14
119
+ rubygems_version: 3.4.21
146
120
  signing_key:
147
121
  specification_version: 4
148
122
  summary: Asymmetric keywise encryption for JSON on Rails
data/.travis.yml DELETED
@@ -1,57 +0,0 @@
1
- sudo: false
2
- cache: bundler
3
- language: ruby
4
- rvm:
5
- - 2.0.0
6
- - 2.1.10
7
- - 2.2.7
8
- - 2.3.4
9
- - 2.4.1
10
- - 2.5.0
11
- - ruby-head
12
- - jruby-9.1.14.0
13
- gemfile:
14
- - gemfiles/Gemfile.rails-5-0-stable
15
- - gemfiles/Gemfile.rails-5-1-stable
16
- - gemfiles/Gemfile.rails-5-2-stable
17
- - Gemfile
18
- matrix:
19
- allow_failures:
20
- - rvm: ruby-head
21
- exclude:
22
- - rvm: 2.0.0
23
- gemfile: Gemfile
24
- - rvm: 2.1.10
25
- gemfile: Gemfile
26
- - rvm: jruby-9.1.14.0
27
- gemfile: Gemfile
28
- - rvm: 1.9.3
29
- gemfile: gemfiles/Gemfile.rails-5-0-stable
30
- - rvm: 2.0.0
31
- gemfile: gemfiles/Gemfile.rails-5-0-stable
32
- - rvm: 2.1.10
33
- gemfile: gemfiles/Gemfile.rails-5-0-stable
34
- - rvm: jruby-9.1.14.0
35
- gemfile: gemfiles/Gemfile.rails-5-0-stable
36
- - rvm: jruby-9.1.14.0
37
- gemfile: gemfiles/Gemfile.rails-5-1-stable
38
- - rvm: 1.9.3
39
- gemfile: gemfiles/Gemfile.rails-5-1-stable
40
- - rvm: 2.0.0
41
- gemfile: gemfiles/Gemfile.rails-5-1-stable
42
- - rvm: 2.1.10
43
- gemfile: gemfiles/Gemfile.rails-5-1-stable
44
- - rvm: jruby-9.1.14.0
45
- gemfile: gemfiles/Gemfile.rails-5-2-stable
46
- - rvm: 1.9.3
47
- gemfile: gemfiles/Gemfile.rails-5-2-stable
48
- - rvm: 2.0.0
49
- gemfile: gemfiles/Gemfile.rails-5-2-stable
50
- - rvm: 2.1.10
51
- gemfile: gemfiles/Gemfile.rails-5-2-stable
52
-
53
- before_install:
54
- - gem update --system
55
-
56
- notifications:
57
- email: false
@@ -1,10 +0,0 @@
1
- source 'https://rubygems.org'
2
-
3
- gemspec path: '..'
4
-
5
- platforms :rbx do
6
- gem 'rubysl', '~> 2.0'
7
- gem 'rubinius-developer_tools'
8
- end
9
-
10
- gem 'railties', github: 'rails/rails', branch: '5-0-stable'
@@ -1,10 +0,0 @@
1
- source 'https://rubygems.org'
2
-
3
- gemspec path: '..'
4
-
5
- platforms :rbx do
6
- gem 'rubysl', '~> 2.0'
7
- gem 'rubinius-developer_tools'
8
- end
9
-
10
- gem 'railties', github: 'rails/rails', branch: '5-1-stable'
@@ -1,10 +0,0 @@
1
- source 'https://rubygems.org'
2
-
3
- gemspec path: '..'
4
-
5
- platforms :rbx do
6
- gem 'rubysl', '~> 2.0'
7
- gem 'rubinius-developer_tools'
8
- end
9
-
10
- gem 'railties', github: 'rails/rails', branch: '5-2-stable'