eyaml 0.3.0 → 0.4.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/test.yml +1 -1
  3. data/.ruby-version +1 -1
  4. data/Gemfile.lock +87 -52
  5. data/README.md +15 -2
  6. data/lib/eyaml/railtie.rb +20 -7
  7. data/lib/eyaml/version.rb +1 -1
  8. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1e4b127ccafc6ab14c9da7266669041481c0403b562d95bb7cc672daab58c48b
4
- data.tar.gz: 2489ecf885a7fbb225b4c50da2fe99cdea277c548268cd81df372d149585e0ac
3
+ metadata.gz: 99ad0ac7614ce464c44623e271371bad722452f5e0fc1d8fd1e0c60d7516b715
4
+ data.tar.gz: 83e6571f04e5552ef626466dcad9deb8201c091225867ba1e5bd7807473948de
5
5
  SHA512:
6
- metadata.gz: 974db15344c1a5ba71d3691b6e99f70d39aeb2d74f71c9bd0e9ee372b8ccac392af538e7516457c692a824385348cea3102e4e5100f57814136d234d598e2793
7
- data.tar.gz: dbcaf11b7dfdf87276f4e9a70f13132d7910b2f69544f16238d6f51354ea03ac2994def24251aec36dd7b37fbe822c5c1a8cb6ded423572191e7e15f7433b701
6
+ metadata.gz: 8bed58a4aff4c38b7282528cf39bc34446e4c9c203ebc14ce690a5b265c4bc9dff737c4ad5af73997fdec15c75413a38bc84d6b40a15bf8f254f942084585b29
7
+ data.tar.gz: b220b9015b016ce95411304ad702ba618893deaed0a3c5eca9ee98c2e7a6166823df1127d457af9ec28a160fdde9a1bfc79b074ca7bca2e9955ec1c7e0846912
data/.github/workflows/test.yml CHANGED
@@ -7,7 +7,7 @@ jobs:
7
7
 
8
8
  steps:
9
9
  - name: Checkout code
10
- uses: actions/checkout@v2
10
+ uses: actions/checkout@v3.1.0
11
11
 
12
12
  - name: Run with fresh bundle
13
13
  run: rm Gemfile.lock
data/.ruby-version CHANGED
@@ -1 +1 @@
1
- 3.0.0
1
+ 3.2.2
data/Gemfile.lock CHANGED
@@ -1,89 +1,124 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- eyaml (0.3.0)
4
+ eyaml (0.4.0)
5
5
  rbnacl (~> 7.1)
6
6
  thor (~> 1.1)
7
7
 
8
8
  GEM
9
9
  remote: https://rubygems.org/
10
10
  specs:
11
- actionpack (7.0.1)
12
- actionview (= 7.0.1)
13
- activesupport (= 7.0.1)
14
- rack (~> 2.0, >= 2.2.0)
11
+ actionpack (7.1.3)
12
+ actionview (= 7.1.3)
13
+ activesupport (= 7.1.3)
14
+ nokogiri (>= 1.8.5)
15
+ racc
16
+ rack (>= 2.2.4)
17
+ rack-session (>= 1.0.1)
15
18
  rack-test (>= 0.6.3)
16
- rails-dom-testing (~> 2.0)
17
- rails-html-sanitizer (~> 1.0, >= 1.2.0)
18
- actionview (7.0.1)
19
- activesupport (= 7.0.1)
19
+ rails-dom-testing (~> 2.2)
20
+ rails-html-sanitizer (~> 1.6)
21
+ actionview (7.1.3)
22
+ activesupport (= 7.1.3)
20
23
  builder (~> 3.1)
21
- erubi (~> 1.4)
22
- rails-dom-testing (~> 2.0)
23
- rails-html-sanitizer (~> 1.1, >= 1.2.0)
24
- activesupport (7.0.1)
24
+ erubi (~> 1.11)
25
+ rails-dom-testing (~> 2.2)
26
+ rails-html-sanitizer (~> 1.6)
27
+ activesupport (7.1.3)
28
+ base64
29
+ bigdecimal
25
30
  concurrent-ruby (~> 1.0, >= 1.0.2)
31
+ connection_pool (>= 2.2.5)
32
+ drb
26
33
  i18n (>= 1.6, < 2)
27
34
  minitest (>= 5.1)
35
+ mutex_m
28
36
  tzinfo (~> 2.0)
37
+ base64 (0.2.0)
38
+ bigdecimal (3.1.6)
29
39
  builder (3.2.4)
30
40
  coderay (1.1.3)
31
- concurrent-ruby (1.1.9)
41
+ concurrent-ruby (1.2.3)
42
+ connection_pool (2.4.1)
32
43
  crass (1.0.6)
33
44
  diff-lcs (1.5.0)
34
- erubi (1.10.0)
35
- fakefs (1.4.0)
45
+ drb (2.2.0)
46
+ ruby2_keywords
47
+ erubi (1.12.0)
48
+ fakefs (1.8.0)
36
49
  ffi (1.15.5)
37
- i18n (1.8.11)
50
+ i18n (1.14.1)
38
51
  concurrent-ruby (~> 1.0)
39
- loofah (2.13.0)
52
+ io-console (0.7.2)
53
+ irb (1.11.1)
54
+ rdoc
55
+ reline (>= 0.4.2)
56
+ loofah (2.22.0)
40
57
  crass (~> 1.0.2)
41
- nokogiri (>= 1.5.9)
58
+ nokogiri (>= 1.12.0)
42
59
  method_source (1.0.0)
43
- minitest (5.15.0)
44
- nokogiri (1.13.4-arm64-darwin)
60
+ minitest (5.21.2)
61
+ mutex_m (0.2.0)
62
+ nokogiri (1.16.0-arm64-darwin)
45
63
  racc (~> 1.4)
46
- nokogiri (1.13.4-x86_64-linux)
64
+ nokogiri (1.16.0-x86_64-linux)
47
65
  racc (~> 1.4)
48
- pry (0.14.1)
66
+ pry (0.14.2)
49
67
  coderay (~> 1.1)
50
68
  method_source (~> 1.0)
51
- racc (1.6.0)
52
- rack (2.2.3)
53
- rack-test (1.1.0)
54
- rack (>= 1.0, < 3)
55
- rails-dom-testing (2.0.3)
56
- activesupport (>= 4.2.0)
69
+ psych (5.1.2)
70
+ stringio
71
+ racc (1.7.3)
72
+ rack (3.0.8)
73
+ rack-session (2.0.0)
74
+ rack (>= 3.0.0)
75
+ rack-test (2.1.0)
76
+ rack (>= 1.3)
77
+ rackup (2.1.0)
78
+ rack (>= 3)
79
+ webrick (~> 1.8)
80
+ rails-dom-testing (2.2.0)
81
+ activesupport (>= 5.0.0)
82
+ minitest
57
83
  nokogiri (>= 1.6)
58
- rails-html-sanitizer (1.4.2)
59
- loofah (~> 2.3)
60
- railties (7.0.1)
61
- actionpack (= 7.0.1)
62
- activesupport (= 7.0.1)
63
- method_source
84
+ rails-html-sanitizer (1.6.0)
85
+ loofah (~> 2.21)
86
+ nokogiri (~> 1.14)
87
+ railties (7.1.3)
88
+ actionpack (= 7.1.3)
89
+ activesupport (= 7.1.3)
90
+ irb
91
+ rackup (>= 1.0.0)
64
92
  rake (>= 12.2)
65
- thor (~> 1.0)
66
- zeitwerk (~> 2.5)
67
- rake (13.0.6)
93
+ thor (~> 1.0, >= 1.2.2)
94
+ zeitwerk (~> 2.6)
95
+ rake (13.1.0)
68
96
  rbnacl (7.1.1)
69
97
  ffi
70
- rspec (3.10.0)
71
- rspec-core (~> 3.10.0)
72
- rspec-expectations (~> 3.10.0)
73
- rspec-mocks (~> 3.10.0)
74
- rspec-core (3.10.1)
75
- rspec-support (~> 3.10.0)
76
- rspec-expectations (3.10.1)
98
+ rdoc (6.6.2)
99
+ psych (>= 4.0.0)
100
+ reline (0.4.2)
101
+ io-console (~> 0.5)
102
+ rspec (3.12.0)
103
+ rspec-core (~> 3.12.0)
104
+ rspec-expectations (~> 3.12.0)
105
+ rspec-mocks (~> 3.12.0)
106
+ rspec-core (3.12.2)
107
+ rspec-support (~> 3.12.0)
108
+ rspec-expectations (3.12.3)
77
109
  diff-lcs (>= 1.2.0, < 2.0)
78
- rspec-support (~> 3.10.0)
79
- rspec-mocks (3.10.2)
110
+ rspec-support (~> 3.12.0)
111
+ rspec-mocks (3.12.6)
80
112
  diff-lcs (>= 1.2.0, < 2.0)
81
- rspec-support (~> 3.10.0)
82
- rspec-support (3.10.3)
83
- thor (1.2.1)
84
- tzinfo (2.0.4)
113
+ rspec-support (~> 3.12.0)
114
+ rspec-support (3.12.1)
115
+ ruby2_keywords (0.0.5)
116
+ stringio (3.1.0)
117
+ thor (1.3.0)
118
+ tzinfo (2.0.6)
85
119
  concurrent-ruby (~> 1.0)
86
- zeitwerk (2.5.3)
120
+ webrick (1.8.1)
121
+ zeitwerk (2.6.12)
87
122
 
88
123
  PLATFORMS
89
124
  arm64-darwin-20
data/README.md CHANGED
@@ -70,7 +70,15 @@ secret: password
70
70
 
71
71
  #### `eyaml keygen`
72
72
 
73
- Generates the keypair for the encryption flow to work. The public key must be placed into the file at `_public_key` and the private key must be saved in the default key directory (`/opt/ejson/keys`) with the filename being the public key and the contents, the private key, a key directory you'll provide later, or just pass the `--write` flag for `eyaml` to handle it for you.
73
+ Generates the keypair for the encryption flow to work. The public key must be placed into the file at `_public_key` like this:
74
+ e.g.
75
+ ```shell
76
+ -> % cat config/credentials.development.eyaml
77
+ _public_key: a3dbdef9efd1e52a34588de56a6cf9b03bbc2aaf0edda145cfbd9a6370a0a849
78
+ my_secret: 85d1fca99d98c4e7b83b868f75f809e1e33346317b0c354b593cdcdc8793ad4e
79
+ ```
80
+
81
+ The private key must be saved in the default key directory (`/opt/ejson/keys`) with the filename being the public key and the contents, the private key, a key directory you'll provide later, or just pass the `--write` flag for `eyaml` to handle it for you.
74
82
 
75
83
  ```shell
76
84
  -> % eyaml keygen
@@ -88,9 +96,14 @@ b01592942ba10f152bcf7c6b6734f6392554c578ff24cebcc62f9e3da6fcf302
88
96
 
89
97
  ### Rails
90
98
 
91
- `eyaml` comes with baked in Rails support. It will search for a secrets file in `config/`, decrypt, and load the first valid one it finds.
99
+ `eyaml` comes with baked in Rails support. It will search for a secrets or credentials file in `config/`, decrypt, and load the first valid one it finds.
100
+ Credential files have priority over secrets before rails 7.2:
101
+ `credentials.{eyaml|eyml|ejson}` (e.g. `config/credentials.eyaml`) then `credentials.$env.{eyaml|eyml|ejson}` (e.g. `credentials.production.eyml`).
102
+ Then if no credentials are found it will look for a secrets file:
92
103
  `secrets.{eyaml|eyml|ejson}` (e.g. `config/secrets.eyaml`) then `secrets.$env.{eyaml|eyml|ejson}` (e.g. `secrets.production.eyml`).
93
104
 
105
+ Note: From rails 7.2 onwards secrets are deprecated and eyaml will only look for credential files.
106
+
94
107
  Instead of needing a private key locally, you can provide it to EYAML by setting `EJSON_PRIVATE_KEY` and it'll be automatically used for decrypting the secrets file.
95
108
 
96
109
  ### Apple M1 Support
data/lib/eyaml/railtie.rb CHANGED
@@ -9,7 +9,20 @@ module EYAML
9
9
  PRIVATE_KEY_ENV_VAR = "EJSON_PRIVATE_KEY"
10
10
 
11
11
  config.before_configuration do
12
- secrets_files.each do |file|
12
+ secret_files_present = Dir.glob(auth_files(:secrets)).any?
13
+ credential_files_present = Dir.glob(auth_files(:credentials)).any?
14
+
15
+ secrets_or_credentials = if Rails.version >= "7.2"
16
+ :credentials
17
+ else
18
+ if credential_files_present
19
+ :credentials
20
+ elsif secret_files_present
21
+ :secrets
22
+ end
23
+ end
24
+
25
+ auth_files(secrets_or_credentials).each do |file|
13
26
  next unless valid?(file)
14
27
 
15
28
  # If private_key is nil (i.e. when $EJSON_PRIVATE_KEY is not set), EYAML will search
@@ -19,7 +32,7 @@ module EYAML
19
32
  .deep_symbolize_keys
20
33
  .except(:_public_key)
21
34
 
22
- break Rails.application.secrets.deep_merge!(secrets)
35
+ break Rails.application.send(secrets_or_credentials).deep_merge!(secrets)
23
36
  end
24
37
  end
25
38
 
@@ -30,13 +43,13 @@ module EYAML
30
43
  pathname.exist?
31
44
  end
32
45
 
33
- def secrets_files
34
- EYAML::SUPPORTED_EXTENSIONS.map do |ext|
46
+ def auth_files(secrets_or_credentials)
47
+ EYAML::SUPPORTED_EXTENSIONS.flat_map do |ext|
35
48
  [
36
- Rails.root.join("config", "secrets.#{ext}"),
37
- Rails.root.join("config", "secrets.#{Rails.env}.#{ext}")
49
+ Rails.root.join("config", "#{secrets_or_credentials}.#{ext}"),
50
+ Rails.root.join("config", "#{secrets_or_credentials}.#{Rails.env}.#{ext}")
38
51
  ]
39
- end.flatten
52
+ end
40
53
  end
41
54
  end
42
55
  end
data/lib/eyaml/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module EYAML
4
- VERSION = "0.3.0"
4
+ VERSION = "0.4.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: eyaml
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.0
4
+ version: 0.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Emil Stolarsky
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-04-25 00:00:00.000000000 Z
11
+ date: 2024-02-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: thor
@@ -115,7 +115,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
115
115
  - !ruby/object:Gem::Version
116
116
  version: '0'
117
117
  requirements: []
118
- rubygems_version: 3.2.3
118
+ rubygems_version: 3.4.21
119
119
  signing_key:
120
120
  specification_version: 4
121
121
  summary: Asymmetric keywise encryption for YAML