RubyGems - eyaml - Versions diffs - 0.2.0 → 0.4.0 - Mend

eyaml 0.2.0 → 0.4.0

Files changed (9) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c4f178a1f6b7fb06fde94557868732ec3b13a6d90f5682f2505f29c7c3699dfe
-  data.tar.gz: 63434158bf5b56334cefbf3d73da83e357a39f02e17c7aaad2e63d0622ee70b5
+  metadata.gz: 99ad0ac7614ce464c44623e271371bad722452f5e0fc1d8fd1e0c60d7516b715
+  data.tar.gz: 83e6571f04e5552ef626466dcad9deb8201c091225867ba1e5bd7807473948de
 SHA512:
-  metadata.gz: 945cb549642f915c0ecb60c2fc55709dced0e4805b7e3367657cb2daee7242995d8b09ab6fd0546e58334b557bd6bcb9ca03f8e13d3f1484c71d90ea0ba47b91
-  data.tar.gz: db020b6d97d9f8296d8ec8c51101d2db12deb04535c89bec2949a256a6fb2e0854a910e9e08b3b160f265878b68594040d41ace1263ad49477dcecdddf03baf2
+  metadata.gz: 8bed58a4aff4c38b7282528cf39bc34446e4c9c203ebc14ce690a5b265c4bc9dff737c4ad5af73997fdec15c75413a38bc84d6b40a15bf8f254f942084585b29
+  data.tar.gz: b220b9015b016ce95411304ad702ba618893deaed0a3c5eca9ee98c2e7a6166823df1127d457af9ec28a160fdde9a1bfc79b074ca7bca2e9955ec1c7e0846912

data/.github/workflows/test.yml CHANGED Viewed

@@ -7,7 +7,7 @@ jobs:
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3.1.0
       - name: Run with fresh bundle
         run: rm Gemfile.lock

data/.ruby-version CHANGED Viewed

	@@ -1 +1 @@
1	- 3.0.0
1	+ 3.2.2

data/Gemfile.lock CHANGED Viewed

@@ -1,92 +1,128 @@
 PATH
   remote: .
   specs:
-    eyaml (0.2.0)
+    eyaml (0.4.0)
       rbnacl (~> 7.1)
       thor (~> 1.1)
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (7.0.1)
-      actionview (= 7.0.1)
-      activesupport (= 7.0.1)
-      rack (~> 2.0, >= 2.2.0)
+    actionpack (7.1.3)
+      actionview (= 7.1.3)
+      activesupport (= 7.1.3)
+      nokogiri (>= 1.8.5)
+      racc
+      rack (>= 2.2.4)
+      rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (7.0.1)
-      activesupport (= 7.0.1)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    actionview (7.1.3)
+      activesupport (= 7.1.3)
       builder (~> 3.1)
-      erubi (~> 1.4)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activesupport (7.0.1)
+      erubi (~> 1.11)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    activesupport (7.1.3)
+      base64
+      bigdecimal
       concurrent-ruby (~> 1.0, >= 1.0.2)
+      connection_pool (>= 2.2.5)
+      drb
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
+      mutex_m
       tzinfo (~> 2.0)
+    base64 (0.2.0)
+    bigdecimal (3.1.6)
     builder (3.2.4)
     coderay (1.1.3)
-    concurrent-ruby (1.1.9)
+    concurrent-ruby (1.2.3)
+    connection_pool (2.4.1)
     crass (1.0.6)
     diff-lcs (1.5.0)
-    erubi (1.10.0)
-    fakefs (1.4.0)
+    drb (2.2.0)
+      ruby2_keywords
+    erubi (1.12.0)
+    fakefs (1.8.0)
     ffi (1.15.5)
-    i18n (1.8.11)
+    i18n (1.14.1)
       concurrent-ruby (~> 1.0)
-    loofah (2.13.0)
+    io-console (0.7.2)
+    irb (1.11.1)
+      rdoc
+      reline (>= 0.4.2)
+    loofah (2.22.0)
       crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
+      nokogiri (>= 1.12.0)
     method_source (1.0.0)
-    minitest (5.15.0)
-    nokogiri (1.13.0-arm64-darwin)
+    minitest (5.21.2)
+    mutex_m (0.2.0)
+    nokogiri (1.16.0-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.13.0-x86_64-linux)
+    nokogiri (1.16.0-x86_64-linux)
       racc (~> 1.4)
-    pry (0.14.1)
+    pry (0.14.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    racc (1.6.0)
-    rack (2.2.3)
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
+    psych (5.1.2)
+      stringio
+    racc (1.7.3)
+    rack (3.0.8)
+    rack-session (2.0.0)
+      rack (>= 3.0.0)
+    rack-test (2.1.0)
+      rack (>= 1.3)
+    rackup (2.1.0)
+      rack (>= 3)
+      webrick (~> 1.8)
+    rails-dom-testing (2.2.0)
+      activesupport (>= 5.0.0)
+      minitest
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.2)
-      loofah (~> 2.3)
-    railties (7.0.1)
-      actionpack (= 7.0.1)
-      activesupport (= 7.0.1)
-      method_source
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
+    railties (7.1.3)
+      actionpack (= 7.1.3)
+      activesupport (= 7.1.3)
+      irb
+      rackup (>= 1.0.0)
       rake (>= 12.2)
-      thor (~> 1.0)
-      zeitwerk (~> 2.5)
-    rake (13.0.6)
+      thor (~> 1.0, >= 1.2.2)
+      zeitwerk (~> 2.6)
+    rake (13.1.0)
     rbnacl (7.1.1)
       ffi
-    rspec (3.10.0)
-      rspec-core (~> 3.10.0)
-      rspec-expectations (~> 3.10.0)
-      rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.1)
-      rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.1)
+    rdoc (6.6.2)
+      psych (>= 4.0.0)
+    reline (0.4.2)
+      io-console (~> 0.5)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
+    rspec-core (3.12.2)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.3)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-mocks (3.10.2)
+      rspec-support (~> 3.12.0)
+    rspec-mocks (3.12.6)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-support (3.10.3)
-    thor (1.2.1)
-    tzinfo (2.0.4)
+      rspec-support (~> 3.12.0)
+    rspec-support (3.12.1)
+    ruby2_keywords (0.0.5)
+    stringio (3.1.0)
+    thor (1.3.0)
+    tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    zeitwerk (2.5.3)
+    webrick (1.8.1)
+    zeitwerk (2.6.12)
 PLATFORMS
   arm64-darwin-20
+  arm64-darwin-21
   x86_64-linux
 DEPENDENCIES

data/README.md CHANGED Viewed

@@ -70,7 +70,15 @@ secret: password
 #### `eyaml keygen`
-Generates the keypair for the encryption flow to work. The public key must be placed into the file at `_public_key` and the private key must be saved in the default key directory (`/opt/ejson/keys`) with the filename being the public key and the contents, the private key, a key directory you'll provide later, or just pass the `--write` flag for `eyaml` to handle it for you.
+Generates the keypair for the encryption flow to work. The public key must be placed into the file at `_public_key` like this:
+e.g.
+```shell
+-> % cat config/credentials.development.eyaml
+_public_key: a3dbdef9efd1e52a34588de56a6cf9b03bbc2aaf0edda145cfbd9a6370a0a849
+my_secret: 85d1fca99d98c4e7b83b868f75f809e1e33346317b0c354b593cdcdc8793ad4e
+```
+The private key must be saved in the default key directory (`/opt/ejson/keys`) with the filename being the public key and the contents, the private key, a key directory you'll provide later, or just pass the `--write` flag for `eyaml` to handle it for you.
 ```shell
 -> % eyaml keygen
@@ -88,9 +96,14 @@ b01592942ba10f152bcf7c6b6734f6392554c578ff24cebcc62f9e3da6fcf302
 ### Rails
-`eyaml` comes with baked in Rails support. It will search for a secrets file in `config/`, decrypt, and load the first valid one it finds.
+`eyaml` comes with baked in Rails support. It will search for a secrets or credentials file in `config/`, decrypt, and load the first valid one it finds.
+Credential files have priority over secrets before rails 7.2:
+`credentials.{eyaml|eyml|ejson}` (e.g. `config/credentials.eyaml`) then `credentials.$env.{eyaml|eyml|ejson}` (e.g. `credentials.production.eyml`).
+Then if no credentials are found it will look for a secrets file:
 `secrets.{eyaml|eyml|ejson}` (e.g. `config/secrets.eyaml`) then `secrets.$env.{eyaml|eyml|ejson}` (e.g. `secrets.production.eyml`).
+Note: From rails 7.2 onwards secrets are deprecated and eyaml will only look for credential files.
 Instead of needing a private key locally, you can provide it to EYAML by setting `EJSON_PRIVATE_KEY` and it'll be automatically used for decrypting the secrets file.
 ### Apple M1 Support

data/lib/eyaml/cli.rb CHANGED Viewed

@@ -56,9 +56,9 @@ module EYAML
       puts "Private Key: #{private_key}" unless options.fetch(:write)
     end
-    map e: :encrypt
-    map d: :decrypt
-    map g: :keygen
+    map "e" => "encrypt"
+    map "d" => "decrypt"
+    map "g" => "keygen"
     def self.exit_on_failure?
       true

data/lib/eyaml/railtie.rb CHANGED Viewed

@@ -9,7 +9,20 @@ module EYAML
       PRIVATE_KEY_ENV_VAR = "EJSON_PRIVATE_KEY"
       config.before_configuration do
-        secrets_files.each do |file|
+        secret_files_present = Dir.glob(auth_files(:secrets)).any?
+        credential_files_present = Dir.glob(auth_files(:credentials)).any?
+        secrets_or_credentials = if Rails.version >= "7.2"
+          :credentials
+        else
+          if credential_files_present
+            :credentials
+          elsif secret_files_present
+            :secrets
+          end
+        end
+        auth_files(secrets_or_credentials).each do |file|
           next unless valid?(file)
           # If private_key is nil (i.e. when $EJSON_PRIVATE_KEY is not set), EYAML will search
@@ -19,7 +32,7 @@ module EYAML
             .deep_symbolize_keys
             .except(:_public_key)
-          break Rails.application.secrets.deep_merge!(secrets)
+          break Rails.application.send(secrets_or_credentials).deep_merge!(secrets)
         end
       end
@@ -30,13 +43,13 @@ module EYAML
           pathname.exist?
         end
-        def secrets_files
-          EYAML::SUPPORTED_EXTENSIONS.map do |ext|
+        def auth_files(secrets_or_credentials)
+          EYAML::SUPPORTED_EXTENSIONS.flat_map do |ext|
             [
-              Rails.root.join("config", "secrets.#{ext}"),
-              Rails.root.join("config", "secrets.#{Rails.env}.#{ext}")
+              Rails.root.join("config", "#{secrets_or_credentials}.#{ext}"),
+              Rails.root.join("config", "#{secrets_or_credentials}.#{Rails.env}.#{ext}")
             ]
-          end.flatten
+          end
         end
       end
     end

data/lib/eyaml/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module EYAML
-  VERSION = "0.2.0"
+  VERSION = "0.4.0"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: eyaml
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Emil Stolarsky
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-01-11 00:00:00.000000000 Z
+date: 2024-02-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -115,7 +115,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.4.21
 signing_key:
 specification_version: 4
 summary: Asymmetric keywise encryption for YAML