ejson-rails 0.2.0 → 0.2.1

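--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 31b8ead062c2323086dbdaa211878c04ce3cb3ee3203882ca13efa9b6ba8f3a3
- data.tar.gz: 3bc548e0db8eac2a33ccdf849e0fb2dbcddd7fe7ea0a537cab1e6e153fccb01e
+ metadata.gz: 69f79981ad2617db5951c38bdef5d9fb77dedd27e52378f3fa460e5af89435b0
+ data.tar.gz: 7ded0b73fc84ae62c508afa5e2c185f85edd83a12872a326c11a9df91292b577
  SHA512:
- metadata.gz: 03b463b72d2a9efdf4e8e9f461a4146e60c52ba53a4d0c17554b4ff1582aa34d332310c70f5f73061279486963f199900002d29b23356fc84411b2e230913a58
- data.tar.gz: 42f3dc896ce52a593c67e65fe7c72dd5b6ec4d3cc22690350cd9a964ee06c6799cc362390e938f8e1dbcee01259c48195aed2632f84342460ab089c9476ef018
+ metadata.gz: bbe4e714ed9a6f110a781e8f8e1fdde6a26695f949798dd8eabdd9ba59a5321a1928dc6d6b2d6f9b685c89232873b4fa00dbfac0daefd10acc7dee09baf8f2c2
+ data.tar.gz: 15e2abb7e802deeaa5358ec6cd10f52576a4402bf490bcae5121152fa1cde54d29cafd2899ccb4244274dd809f61b09331ff7e1d4d77dde38ce0fa9813f9ae1c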
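--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,74 +1,103 @@
  PATH
  remote: .
  specs:
- ejson-rails (0.2.0)
+ ejson-rails (0.2.1)
  ejson
  railties (>= 5.2)
 
  GEM
  remote: https://rubygems.org/
  specs:
- actionpack (7.0.6)
- actionview (= 7.0.6)
- activesupport (= 7.0.6)
- rack (~> 2.0, >= 2.2.4)
+ actionpack (7.1.2)
+ actionview (= 7.1.2)
+ activesupport (= 7.1.2)
+ nokogiri (>= 1.8.5)
+ racc
+ rack (>= 2.2.4)
+ rack-session (>= 1.0.1)
  rack-test (>= 0.6.3)
- rails-dom-testing (~> 2.0)
- rails-html-sanitizer (~> 1.0, >= 1.2.0)
- actionview (7.0.6)
- activesupport (= 7.0.6)
+ rails-dom-testing (~> 2.2)
+ rails-html-sanitizer (~> 1.6)
+ actionview (7.1.2)
+ activesupport (= 7.1.2)
  builder (~> 3.1)
- erubi (~> 1.4)
- rails-dom-testing (~> 2.0)
- rails-html-sanitizer (~> 1.1, >= 1.2.0)
- activesupport (7.0.6)
+ erubi (~> 1.11)
+ rails-dom-testing (~> 2.2)
+ rails-html-sanitizer (~> 1.6)
+ activesupport (7.1.2)
+ base64
+ bigdecimal
  concurrent-ruby (~> 1.0, >= 1.0.2)
+ connection_pool (>= 2.2.5)
+ drb
  i18n (>= 1.6, < 2)
  minitest (>= 5.1)
+ mutex_m
  tzinfo (~> 2.0)
  ast (2.4.2)
+ base64 (0.2.0)
+ bigdecimal (3.1.4)
  builder (3.2.4)
  concurrent-ruby (1.2.2)
+ connection_pool (2.4.1)
  crass (1.0.6)
  diff-lcs (1.4.4)
- ejson (1.3.1)
+ drb (2.2.0)
+ ruby2_keywords
+ ejson (1.4.1)
  erubi (1.12.0)
  i18n (1.14.1)
  concurrent-ruby (~> 1.0)
+ io-console (0.6.0)
+ irb (1.10.0)
+ rdoc
+ reline (>= 0.3.8)
  json (2.6.3)
- loofah (2.21.3)
+ loofah (2.22.0)
  crass (~> 1.0.2)
  nokogiri (>= 1.12.0)
- method_source (1.0.0)
- mini_portile2 (2.8.4)
- minitest (5.18.1)
- nokogiri (1.15.3)
+ mini_portile2 (2.8.5)
+ minitest (5.20.0)
+ mutex_m (0.2.0)
+ nokogiri (1.15.5)
  mini_portile2 (~> 2.8.2)
  racc (~> 1.4)
  parallel (1.22.1)
  parser (3.2.0.0)
  ast (~> 2.4.1)
- racc (1.7.1)
- rack (2.2.7)
+ psych (5.1.1.1)
+ stringio
+ racc (1.7.3)
+ rack (3.0.8)
+ rack-session (2.0.0)
+ rack (>= 3.0.0)
  rack-test (2.1.0)
  rack (>= 1.3)
- rails-dom-testing (2.1.1)
+ rackup (2.1.0)
+ rack (>= 3)
+ webrick (~> 1.8)
+ rails-dom-testing (2.2.0)
  activesupport (>= 5.0.0)
  minitest
  nokogiri (>= 1.6)
  rails-html-sanitizer (1.6.0)
  loofah (~> 2.21)
  nokogiri (~> 1.14)
- railties (7.0.6)
- actionpack (= 7.0.6)
- activesupport (= 7.0.6)
- method_source
+ railties (7.1.2)
+ actionpack (= 7.1.2)
+ activesupport (= 7.1.2)
+ irb
+ rackup (>= 1.0.0)
  rake (>= 12.2)
- thor (~> 1.0)
- zeitwerk (~> 2.5)
+ thor (~> 1.0, >= 1.2.2)
+ zeitwerk (~> 2.6)
  rainbow (3.1.1)
  rake (13.0.6)
+ rdoc (6.6.0)
+ psych (>= 4.0.0)
  regexp_parser (2.6.1)
+ reline (0.4.1)
+ io-console (~> 0.5)
  rexml (3.2.5)
  rspec (3.10.0)
  rspec-core (~> 3.10.0)
@@ -98,11 +127,14 @@ GEM
  rubocop-shopify (2.11.1)
  rubocop (~> 1.42)
  ruby-progressbar (1.11.0)
- thor (1.2.2)
+ ruby2_keywords (0.0.5)
+ stringio (3.1.0)
+ thor (1.3.0)
  tzinfo (2.0.6)
  concurrent-ruby (~> 1.0)
  unicode-display_width (2.4.2)
- zeitwerk (2.6.8)
+ webrick (1.8.1)
+ zeitwerk (2.6.12)
 
  PLATFORMS
  ruby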
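--- a/data/README.md
+++ b/data/README.md
@@ -22,33 +22,51 @@ Or install it yourself as:
 
  ## Usage
 
- Decrypted secrets from `project/config/secrets.json` (or `project/config/secrets.{current_rails_environment}.json` if that doesn't exist) will be accessible via `Rails.application.secrets`. For example:
+ Decrypted secrets and credentials from `project/config/secrets.json` (or `project/config/secrets.{current_rails_environment}.json` if that doesn't exist) will be accessible via `Rails.application.secrets`. For example:
 
+ `# project/config/secrets.json`
  ```json
- // project/config/secrets.json
  { "some_secret": "key" }
  ```
 
- will be accessible via `Rails.application.secrets.some_secret` or `Rails.application.secrets[:some_secret]` on boot. JSON files are loaded once and contents are `deep_merge`'d into your app's existing rails secrets.
+ will be accessible via `Rails.application.secrets.some_secret` or `Rails.application.secrets[:some_secret]` upon booting. JSON files are loaded once and contents are `deep_merge`'d into your app's existing rails secrets.
 
  Secrets will also be accessible via `Rails.application.credentials`, e.g. `Rails.application.credentials.some_secret` or `Rails.application.credentials[:some_secret]`. To avoid subtle compatibility issues, if a credential already exists, an error will occur.
 
+ If you set the `EJSON_RAILS_DELETE_SECRETS` environment variable to `true` the gem will automatically delete the secrets from the filesystem after loading them into Rails. It will delete both paths (`project/config/secrets.json` and `project/config/secrets.{current_rails_environment}.json`) if the files exist and are writable.
+
  NOTE: This gem does not decrypt ejson for you. You will need to configure this as part of your deployment pipeline.
 
  ## Migrating to credentials
 
  Rails 7.1 has deprecated application secrets in favor of credentials. ejson-rails can migrate secrets to application credentials.
 
- Even before running Rails 7.1, you can migrate your secrets in a few steps.
+ Even before running Rails 7.1, you can migrate your secrets in several steps:
+ 1. Convert secrets from YAML to JSON
+ 2. Move any ERB embedded within the YAML to the corresponding environment file
+ 3. Use `Rails.application.credentials` in place of Rails secrets
+
+ ### 1. Convert secrets from config/secrets.yml to config/secrets.json
 
- First, move the development and test secrets to JSON secrets:
+ Typically, secrets share the same structure across different environments. While test secrets are often placeholders, development secrets may sometimes use environment variables to communicate with external services.
+ In that case, the easiest way to migrate is to use the test secrets in all local environments, and override for development as needed:
 
  ```sh-session
- bin/rails runner 'Rails.root.join("config/secrets.#{Rails.env}.json").write(JSON.pretty_generate(Rails.application.secrets.to_h.without(:secret_key_base)))'
- bin/rails runner -e test 'Rails.root.join("config/secrets.#{Rails.env}.json").write(JSON.pretty_generate(Rails.application.secrets.to_h.without(:secret_key_base)))'
+ # Recommended
+ bin/rails runner -e test 'Rails.root.join("config/secrets.json").write(JSON.pretty_generate(Rails.application.secrets.to_h.without(:secret_key_base)))'
  ```
 
- Secrets support ERB while EJSON secrets don't, so if your secrets contain ERB, you will need to move that logic to the environment configurations:
+ > [!NOTE]
+ > Alternatively, if its necessary to configure distinct values between the development/test environment, you can use separate JSON files for the development/test environments:
+ >
+ > ```sh-session
+ > bin/rails runner 'Rails.root.join("config/secrets.#{Rails.env}.json").write(JSON.pretty_generate(Rails.application.secrets.to_h.without(:secret_key_base)))'
+ > bin/rails runner -e test 'Rails.root.join("config/secrets.#{Rails.env}.json").write(JSON.pretty_generate(Rails.application.secrets.to_h.without(:secret_key_base)))'
+ > ```
+
+ ### 2. Move any ERB into the corresponding environment files
+
+ YAML supports ERB while JSON secrets do not. If your secrets contain ERB, you will need to move that logic to the corresponding environment file:
 
  **Before**:
 
@@ -61,7 +79,7 @@ development:
 
  **After**:
 
- `config/secrets.development.json` as generated by the command above.
+ `config/secrets.json` as generated by the *recommended* command above.
  ```json
  {
  "some_external_service": {
@@ -76,15 +94,14 @@ development:
  Rails.application.configure do
  # elided
 
- # credential should be set using []=, not the dynamic accessors
- credentials[:some_external_service][:api_token] = ENV.fetch("SOME_EXTERNAL_SERVICE_API_TOKEN", "12345")
-
- # top-level values must be set through `credentials.config`
- credentials.config[:something_else_entirely] = ENV.fetch("SOMETHING_ELSE_ENTIRELY", "abc")
+ credentials.some_external_service.api_token = ENV.fetch("SOME_EXTERNAL_SERVICE_API_TOKEN", "12345")
+ credentials.something_else_entirely = ENV.fetch("SOMETHING_ELSE_ENTIRELY", "abc")
  end
  ```
 
- Note that the code accesses the credentials as a Hash with `[]` and `[]=`. This is important because the dynamic accessor methods will set values in a different object, and credentials will behave inconsistently after that:
+ #### Rails 7.0 Note
+ > [!NOTE]
+ > In Rails 7.0, credentials are accessed as a Hash with [] and []=.. This is important because the dynamic accessor methods will set values in a different object, and credentials will behave inconsistently after that:
 
  ```ruby
  Rails.application.credentials.some_external_service.api_token = "foo"
@@ -106,7 +123,9 @@ Rails.application.credentials[:some_external_service][:api_token] = "foo"
  Rails.application.credentials.some_external_service.api_token # => "12345"
  ```
 
- You're now ready to use credentials instead of secrets:
+ ### 3. Use `Rails.application.credentials`
+
+ You are now ready to replace Rails secrets with Rails credentials:
 
  ```sh-session
  git ls-files | xargs ruby -pi -e 'gsub("Rails.application.secrets", "Rails.application.credentials")' --
@@ -118,7 +137,7 @@ To avoid the deprecation warning from the use of secrets in `ejson-rails` once y
  gem 'ejson-rails', require: 'ejson/rails/skip_secrets'
  ```
 
- This will no longer merge secrets from JSON in `Rails.application.secrets`. This will be the default in the next major version.
+ With this require, ejson-rails will no longer merge secrets from JSON into `Rails.application.secrets`. This will be the default in the next major version.
 
  ## Development
 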
@@ -20,6 +20,13 @@ module EJSON
20
20
  Rails.application.credentials.config.deep_merge!(secrets) do |key|
21
21
  raise "A credential already exists with the same name: #{key}"
22
22
  end
23
+
24
+ # Delete the loaded JSON files so they are no longer readable by the app.
25
+ if ENV["EJSON_RAILS_DELETE_SECRETS"] == "true"
26
+ json_files.each do |pathname|
27
+ File.delete(pathname) if File.writable?(pathname)
28
+ end
29
+ end
23
30
  end
24
31
 
25
32
  class << self
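Review bot: `File.writable?(pathname)` is the wrong predicate for the delete on the `File.delete` line: on POSIX systems unlinking is governed by write permission on the containing directory, not on the file, so a read-only `secrets.json` inside a writable `config/` is silently left on disk even though `EJSON_RAILS_DELETE_SECRETS` is `true`, while a writable file in a read-only directory makes `File.delete` raise during boot. Because the operator explicitly asked for the decrypted secrets to be removed, a skipped file should not pass unnoticed; consider `File.delete(pathname) if File.exist?(pathname)` and either let the resulting `SystemCallError` surface or log a warning that names the file. The `== "true"` comparison is exact, so values such as `TRUE` or `1` leave the files in place without notice; a comment such as `# only the exact string "true" enables deletion` would make that explicit. The enclosing method starts above this hunk, so what `json_files` contains is not visible here.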
@@ -2,6 +2,6 @@
2
2
 
3
3
  module EJSON
4
4
  module Rails
5
- VERSION = "0.2.0"
5
+ VERSION = "0.2.1"
6
6
  end
7
7
  end
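--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: ejson-rails
  version: !ruby/object:Gem::Version
- version: 0.2.0
+ version: 0.2.1
  platform: ruby
  authors:
  - Gannon McGibbon
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2023-07-24 00:00:00.000000000 Z
+ date: 2023-12-04 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: ejson
@@ -116,7 +116,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.4.16
+ rubygems_version: 3.4.21
  signing_key:
  specification_version: 4
  summary: Asymmetric keywise encryption for JSON on Rails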