eyaml 0.4.3 → 0.4.4
- checksums.yaml +4 -4
- data/README.md +3 -0
- data/lib/eyaml/railtie.rb +25 -22
- data/lib/eyaml/version.rb +1 -1
- metadata +2 -2
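--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e41f45dc204d0eca7c3f2dfa63a08c048937448fc1f9bda4adc1e208a6ccc08c
+data.tar.gz: 46af6f44adf19aa9a5f79c049f0c95478337db8a644717a610b0330af167b1bf
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '082086ac47e16c02435e404cbfc9454ff761811c39f02618cdbe6cbf4afc67cc0c523919549fe467903dfb4c504b83a444d1f445af6a42e82110698d415ef61e'
+data.tar.gz: 253fb1d949046d0cc7a79b2f33a8e9e5fa02fe13b7d82cc15a887f0452a262401f314a533f34dd642bbbb85bec8dccd6f417f0d4f834d3e90f21ef7cf2dd80aa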
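--- a/data/README.md
+++ b/data/README.md
@@ -114,6 +114,9 @@ Instead of needing a private key locally, you can provide it to EYAML by setting
 
 If you put your rails master key encrypted in the eyaml file, make sure you don't have another `master.key` file somewhere, since that can interfere.
 
+When setting the SECRET_KEY_BASE_DUMMY environment variable, the secrets/credentials loading will be skipped.
+This can be handy to for example do an asset precompilation step in production where you don't need any secrets/credentials.
+
 ### Example setup
 
 To add encryption + credentials to a rails project do the following things: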
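--- a/data/lib/eyaml/railtie.rb
+++ b/data/lib/eyaml/railtie.rb
@@ -12,34 +12,37 @@ module EYAML
 end
 
 config.before_configuration do
-
-
-
-
-
+unless ENV.fetch("SECRET_KEY_BASE_DUMMY", false)
+# Allow rails to run without loading the credentials
+if File.exist?(Rails.root.join("config", "master.key"))
+raise ConflictError, "A config/master.key has been found. The rails credentials lookup conflicts with eyaml. Please remove rails credentials management by removing the master.key file to keep using eyaml."
+end
+secret_files_present = Dir.glob(auth_files(:secrets)).any?
+credential_files_present = Dir.glob(auth_files(:credentials)).any?
 
-
-:credentials
-else
-if credential_files_present
+secrets_or_credentials = if Rails.version >= "7.2"
 :credentials
-
-
+else
+if credential_files_present
+:credentials
+elsif secret_files_present
+:secrets
+end
 end
-end
 
-
-
+auth_files(secrets_or_credentials).each do |file|
+next unless valid?(file)
 
-
-
-
-
-
-
-
+# If private_key is nil (i.e. when $EJSON_PRIVATE_KEY is not set), EYAML will search
+# for a public/private key in the key directory (either $EJSON_KEYDIR, if set, or /opt/ejson/keys)
+cipherdata = YAML.load_file(file)
+secrets = EYAML.decrypt(cipherdata, private_key: ENV[PRIVATE_KEY_ENV_VAR])
+.except("_public_key")
+secrets = EYAML::Util.with_deep_deundescored_keys(secrets)
+.deep_symbolize_keys
 
-
+break Rails.application.send(secrets_or_credentials).deep_merge!(secrets)
+end
 end
 end
 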
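Review bot: The added `unless ENV.fetch("SECRET_KEY_BASE_DUMMY", false)` guard treats any value as set, including an empty string or `0`, and from the `end` lines it appears to wrap the whole block, so the `config/master.key` conflict check is skipped together with the decryption. Nothing is printed when that happens, so if the variable set for an asset-precompile step is still present when the application boots, it starts without eyaml secrets or credentials and gives no hint why. I would make the skip visible with an `else` branch such as `warn "[eyaml] SECRET_KEY_BASE_DUMMY is set, secrets/credentials not loaded"`. Separately, `Rails.version >= "7.2"` compares strings, so a version like "10.0" sorts below "7.2"; `Rails.gem_version >= Gem::Version.new("7.2")` compares versions. `auth_files` and `valid?` are defined outside the hunk.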
data/lib/eyaml/version.rb
CHANGED
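--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: eyaml
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.4
 platform: ruby
 authors:
 - Emil Stolarsky
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-
+date: 2024-08-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: thor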