ejson-rails 0.2.0 → 0.2.1

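--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 31b8ead062c2323086dbdaa211878c04ce3cb3ee3203882ca13efa9b6ba8f3a3
- data.tar.gz: 3bc548e0db8eac2a33ccdf849e0fb2dbcddd7fe7ea0a537cab1e6e153fccb01e
+ metadata.gz: 69f79981ad2617db5951c38bdef5d9fb77dedd27e52378f3fa460e5af89435b0
+ data.tar.gz: 7ded0b73fc84ae62c508afa5e2c185f85edd83a12872a326c11a9df91292b577
  SHA512:
- metadata.gz: 03b463b72d2a9efdf4e8e9f461a4146e60c52ba53a4d0c17554b4ff1582aa34d332310c70f5f73061279486963f199900002d29b23356fc84411b2e230913a58
- data.tar.gz: 42f3dc896ce52a593c67e65fe7c72dd5b6ec4d3cc22690350cd9a964ee06c6799cc362390e938f8e1dbcee01259c48195aed2632f84342460ab089c9476ef018
+ metadata.gz: bbe4e714ed9a6f110a781e8f8e1fdde6a26695f949798dd8eabdd9ba59a5321a1928dc6d6b2d6f9b685c89232873b4fa00dbfac0daefd10acc7dee09baf8f2c2
+ data.tar.gz: 15e2abb7e802deeaa5358ec6cd10f52576a4402bf490bcae5121152fa1cde54d29cafd2899ccb4244274dd809f61b09331ff7e1d4d77dde38ce0fa9813f9ae1c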
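--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,74 +1,103 @@
  PATH
  remote: .
  specs:
- ejson-rails (0.2.0)
+ ejson-rails (0.2.1)
  ejson
  railties (>= 5.2)
 
  GEM
  remote: https://rubygems.org/
  specs:
- actionpack (7.0.6)
- actionview (= 7.0.6)
- activesupport (= 7.0.6)
- rack (~> 2.0, >= 2.2.4)
+ actionpack (7.1.2)
+ actionview (= 7.1.2)
+ activesupport (= 7.1.2)
+ nokogiri (>= 1.8.5)
+ racc
+ rack (>= 2.2.4)
+ rack-session (>= 1.0.1)
  rack-test (>= 0.6.3)
- rails-dom-testing (~> 2.0)
- rails-html-sanitizer (~> 1.0, >= 1.2.0)
- actionview (7.0.6)
- activesupport (= 7.0.6)
+ rails-dom-testing (~> 2.2)
+ rails-html-sanitizer (~> 1.6)
+ actionview (7.1.2)
+ activesupport (= 7.1.2)
  builder (~> 3.1)
- erubi (~> 1.4)
- rails-dom-testing (~> 2.0)
- rails-html-sanitizer (~> 1.1, >= 1.2.0)
- activesupport (7.0.6)
+ erubi (~> 1.11)
+ rails-dom-testing (~> 2.2)
+ rails-html-sanitizer (~> 1.6)
+ activesupport (7.1.2)
+ base64
+ bigdecimal
  concurrent-ruby (~> 1.0, >= 1.0.2)
+ connection_pool (>= 2.2.5)
+ drb
  i18n (>= 1.6, < 2)
  minitest (>= 5.1)
+ mutex_m
  tzinfo (~> 2.0)
  ast (2.4.2)
+ base64 (0.2.0)
+ bigdecimal (3.1.4)
  builder (3.2.4)
  concurrent-ruby (1.2.2)
+ connection_pool (2.4.1)
  crass (1.0.6)
  diff-lcs (1.4.4)
- ejson (1.3.1)
+ drb (2.2.0)
+ ruby2_keywords
+ ejson (1.4.1)
  erubi (1.12.0)
  i18n (1.14.1)
  concurrent-ruby (~> 1.0)
+ io-console (0.6.0)
+ irb (1.10.0)
+ rdoc
+ reline (>= 0.3.8)
  json (2.6.3)
- loofah (2.21.3)
+ loofah (2.22.0)
  crass (~> 1.0.2)
  nokogiri (>= 1.12.0)
- method_source (1.0.0)
- mini_portile2 (2.8.4)
- minitest (5.18.1)
- nokogiri (1.15.3)
+ mini_portile2 (2.8.5)
+ minitest (5.20.0)
+ mutex_m (0.2.0)
+ nokogiri (1.15.5)
  mini_portile2 (~> 2.8.2)
  racc (~> 1.4)
  parallel (1.22.1)
  parser (3.2.0.0)
  ast (~> 2.4.1)
- racc (1.7.1)
- rack (2.2.7)
+ psych (5.1.1.1)
+ stringio
+ racc (1.7.3)
+ rack (3.0.8)
+ rack-session (2.0.0)
+ rack (>= 3.0.0)
  rack-test (2.1.0)
  rack (>= 1.3)
- rails-dom-testing (2.1.1)
+ rackup (2.1.0)
+ rack (>= 3)
+ webrick (~> 1.8)
+ rails-dom-testing (2.2.0)
  activesupport (>= 5.0.0)
  minitest
  nokogiri (>= 1.6)
  rails-html-sanitizer (1.6.0)
  loofah (~> 2.21)
  nokogiri (~> 1.14)
- railties (7.0.6)
- actionpack (= 7.0.6)
- activesupport (= 7.0.6)
- method_source
+ railties (7.1.2)
+ actionpack (= 7.1.2)
+ activesupport (= 7.1.2)
+ irb
+ rackup (>= 1.0.0)
  rake (>= 12.2)
- thor (~> 1.0)
- zeitwerk (~> 2.5)
+ thor (~> 1.0, >= 1.2.2)
+ zeitwerk (~> 2.6)
  rainbow (3.1.1)
  rake (13.0.6)
+ rdoc (6.6.0)
+ psych (>= 4.0.0)
  regexp_parser (2.6.1)
+ reline (0.4.1)
+ io-console (~> 0.5)
  rexml (3.2.5)
  rspec (3.10.0)
  rspec-core (~> 3.10.0)
@@ -98,11 +127,14 @@ GEM
  rubocop-shopify (2.11.1)
  rubocop (~> 1.42)
  ruby-progressbar (1.11.0)
- thor (1.2.2)
+ ruby2_keywords (0.0.5)
+ stringio (3.1.0)
+ thor (1.3.0)
  tzinfo (2.0.6)
  concurrent-ruby (~> 1.0)
  unicode-display_width (2.4.2)
- zeitwerk (2.6.8)
+ webrick (1.8.1)
+ zeitwerk (2.6.12)
 
  PLATFORMS
  ruby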
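--- a/data/README.md
+++ b/data/README.md
@@ -22,33 +22,51 @@ Or install it yourself as:
 
  ## Usage
 
- Decrypted secrets from `project/config/secrets.json` (or `project/config/secrets.{current_rails_environment}.json` if that doesn't exist) will be accessible via `Rails.application.secrets`. For example:
+ Decrypted secrets and credentials from `project/config/secrets.json` (or `project/config/secrets.{current_rails_environment}.json` if that doesn't exist) will be accessible via `Rails.application.secrets`. For example:
 
+ `# project/config/secrets.json`
  ```json
- // project/config/secrets.json
  { "some_secret": "key" }
  ```
 
- will be accessible via `Rails.application.secrets.some_secret` or `Rails.application.secrets[:some_secret]` on boot. JSON files are loaded once and contents are `deep_merge`'d into your app's existing rails secrets.
+ will be accessible via `Rails.application.secrets.some_secret` or `Rails.application.secrets[:some_secret]` upon booting. JSON files are loaded once and contents are `deep_merge`'d into your app's existing rails secrets.
 
  Secrets will also be accessible via `Rails.application.credentials`, e.g. `Rails.application.credentials.some_secret` or `Rails.application.credentials[:some_secret]`. To avoid subtle compatibility issues, if a credential already exists, an error will occur.
 
+ If you set the `EJSON_RAILS_DELETE_SECRETS` environment variable to `true` the gem will automatically delete the secrets from the filesystem after loading them into Rails. It will delete both paths (`project/config/secrets.json` and `project/config/secrets.{current_rails_environment}.json`) if the files exist and are writable.
+
  NOTE: This gem does not decrypt ejson for you. You will need to configure this as part of your deployment pipeline.
 
  ## Migrating to credentials
 
  Rails 7.1 has deprecated application secrets in favor of credentials. ejson-rails can migrate secrets to application credentials.
 
- Even before running Rails 7.1, you can migrate your secrets in a few steps.
+ Even before running Rails 7.1, you can migrate your secrets in several steps:
+ 1. Convert secrets from YAML to JSON
+ 2. Move any ERB embedded within the YAML to the corresponding environment file
+ 3. Use `Rails.application.credentials` in place of Rails secrets
+
+ ### 1. Convert secrets from config/secrets.yml to config/secrets.json
 
- First, move the development and test secrets to JSON secrets:
+ Typically, secrets share the same structure across different environments. While test secrets are often placeholders, development secrets may sometimes use environment variables to communicate with external services.
+ In that case, the easiest way to migrate is to use the test secrets in all local environments, and override for development as needed:
 
  ```sh-session
- bin/rails runner 'Rails.root.join("config/secrets.#{Rails.env}.json").write(JSON.pretty_generate(Rails.application.secrets.to_h.without(:secret_key_base)))'
- bin/rails runner -e test 'Rails.root.join("config/secrets.#{Rails.env}.json").write(JSON.pretty_generate(Rails.application.secrets.to_h.without(:secret_key_base)))'
+ # Recommended
+ bin/rails runner -e test 'Rails.root.join("config/secrets.json").write(JSON.pretty_generate(Rails.application.secrets.to_h.without(:secret_key_base)))'
  ```
 
- Secrets support ERB while EJSON secrets don't, so if your secrets contain ERB, you will need to move that logic to the environment configurations:
+ > [!NOTE]
+ > Alternatively, if its necessary to configure distinct values between the development/test environment, you can use separate JSON files for the development/test environments:
+ >
+ > ```sh-session
+ > bin/rails runner 'Rails.root.join("config/secrets.#{Rails.env}.json").write(JSON.pretty_generate(Rails.application.secrets.to_h.without(:secret_key_base)))'
+ > bin/rails runner -e test 'Rails.root.join("config/secrets.#{Rails.env}.json").write(JSON.pretty_generate(Rails.application.secrets.to_h.without(:secret_key_base)))'
+ > ```
+
+ ### 2. Move any ERB into the corresponding environment files
+
+ YAML supports ERB while JSON secrets do not. If your secrets contain ERB, you will need to move that logic to the corresponding environment file:
 
  **Before**:
 
@@ -61,7 +79,7 @@ development:
 
  **After**:
 
- `config/secrets.development.json` as generated by the command above.
+ `config/secrets.json` as generated by the *recommended* command above.
  ```json
  {
  "some_external_service": {
@@ -76,15 +94,14 @@ development:
  Rails.application.configure do
  # elided
 
- # credential should be set using []=, not the dynamic accessors
- credentials[:some_external_service][:api_token] = ENV.fetch("SOME_EXTERNAL_SERVICE_API_TOKEN", "12345")
-
- # top-level values must be set through `credentials.config`
- credentials.config[:something_else_entirely] = ENV.fetch("SOMETHING_ELSE_ENTIRELY", "abc")
+ credentials.some_external_service.api_token = ENV.fetch("SOME_EXTERNAL_SERVICE_API_TOKEN", "12345")
+ credentials.something_else_entirely = ENV.fetch("SOMETHING_ELSE_ENTIRELY", "abc")
  end
  ```
 
- Note that the code accesses the credentials as a Hash with `[]` and `[]=`. This is important because the dynamic accessor methods will set values in a different object, and credentials will behave inconsistently after that:
+ #### Rails 7.0 Note
+ > [!NOTE]
+ > In Rails 7.0, credentials are accessed as a Hash with [] and []=.. This is important because the dynamic accessor methods will set values in a different object, and credentials will behave inconsistently after that:
 
  ```ruby
  Rails.application.credentials.some_external_service.api_token = "foo"
@@ -106,7 +123,9 @@ Rails.application.credentials[:some_external_service][:api_token] = "foo"
  Rails.application.credentials.some_external_service.api_token # => "12345"
  ```
 
- You're now ready to use credentials instead of secrets:
+ ### 3. Use `Rails.application.credentials`
+
+ You are now ready to replace Rails secrets with Rails credentials:
 
  ```sh-session
  git ls-files | xargs ruby -pi -e 'gsub("Rails.application.secrets", "Rails.application.credentials")' --
@@ -118,7 +137,7 @@ To avoid the deprecation warning from the use of secrets in `ejson-rails` once y
  gem 'ejson-rails', require: 'ejson/rails/skip_secrets'
  ```
 
- This will no longer merge secrets from JSON in `Rails.application.secrets`. This will be the default in the next major version.
+ With this require, ejson-rails will no longer merge secrets from JSON into `Rails.application.secrets`. This will be the default in the next major version.
 
  ## Development
 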
@@ -20,6 +20,13 @@ module EJSON
20
20
  Rails.application.credentials.config.deep_merge!(secrets) do |key|
21
21
  raise "A credential already exists with the same name: #{key}"
22
22
  end
23
+
24
+ # Delete the loaded JSON files so they are no longer readable by the app.
25
+ if ENV["EJSON_RAILS_DELETE_SECRETS"] == "true"
26
+ json_files.each do |pathname|
27
+ File.delete(pathname) if File.writable?(pathname)
28
+ end
29
+ end
23
30
  end
24
31
 
25
32
  class << self
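Review bot: The `File.writable?(pathname)` guard in the new deletion loop tests the wrong permission and fails open: unlinking depends on write access to the containing directory, so a read-only secrets file is skipped without any signal and the decrypted secrets stay on disk even though `EJSON_RAILS_DELETE_SECRETS` was set, while a writable file in a read-only directory can still raise during boot. Attempting the delete and handling the error makes the outcome visible and removes the gap between the check and the unlink; whether a failure should only warn or should abort boot is a deployment decision. The exact `== "true"` comparison also silently ignores values such as `TRUE` or `1`, which deserves a sentence in the README. The enclosing method starts above this hunk and the page shows no file header for it, so `json_files` is assumed to hold the two paths the README describes.

```ruby
if ENV["EJSON_RAILS_DELETE_SECRETS"] == "true"
  json_files.each do |pathname|
    begin
      File.delete(pathname)
    rescue Errno::ENOENT
      # Path was never present or is already gone; nothing is left on disk.
    rescue SystemCallError => e
      # Surface the failure: the operator asked for the plaintext to be removed.
      warn "ejson-rails: could not delete #{pathname}: #{e.message}"
    end
  end
end
```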
@@ -2,6 +2,6 @@
2
2
 
3
3
  module EJSON
4
4
  module Rails
5
- VERSION = "0.2.0"
5
+ VERSION = "0.2.1"
6
6
  end
7
7
  end
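--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: ejson-rails
  version: !ruby/object:Gem::Version
- version: 0.2.0
+ version: 0.2.1
  platform: ruby
  authors:
  - Gannon McGibbon
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2023-07-24 00:00:00.000000000 Z
+ date: 2023-12-04 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: ejson
@@ -116,7 +116,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.4.16
+ rubygems_version: 3.4.21
  signing_key:
  specification_version: 4
  summary: Asymmetric keywise encryption for JSON on Rails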