eyaml 0.4.3 → 0.4.4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +3 -0
  3. data/lib/eyaml/railtie.rb +25 -22
  4. data/lib/eyaml/version.rb +1 -1
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 00bde71da67e58726c900ee6a7136634ae077bec36610404aeb2ed79f6879408
4
- data.tar.gz: 43c9ccc56469095c1c3f3e9fec7ef3d0f81506e0779729cac3f868131f96d72d
3
+ metadata.gz: e41f45dc204d0eca7c3f2dfa63a08c048937448fc1f9bda4adc1e208a6ccc08c
4
+ data.tar.gz: 46af6f44adf19aa9a5f79c049f0c95478337db8a644717a610b0330af167b1bf
5
5
  SHA512:
6
- metadata.gz: bc297dd8373669826b9573d81657656a29dfcd57bfad2d549c7c3b6e8e79087b8c5035083bdb99f53ef5579fb0b384b60f8c6c72f6ccdfce9a103beab36a2e9a
7
- data.tar.gz: 277e8b83fafa73c21e3136684d648fc0b6ebff29c7656e25d26594490da18635af4ae84bf6db06895c8372180816f056f746303a27642463886a599ed5165eda
6
+ metadata.gz: '082086ac47e16c02435e404cbfc9454ff761811c39f02618cdbe6cbf4afc67cc0c523919549fe467903dfb4c504b83a444d1f445af6a42e82110698d415ef61e'
7
+ data.tar.gz: 253fb1d949046d0cc7a79b2f33a8e9e5fa02fe13b7d82cc15a887f0452a262401f314a533f34dd642bbbb85bec8dccd6f417f0d4f834d3e90f21ef7cf2dd80aa
data/README.md CHANGED
@@ -114,6 +114,9 @@ Instead of needing a private key locally, you can provide it to EYAML by setting
114
114
 
115
115
  If you put your rails master key encrypted in the eyaml file, make sure you don't have another `master.key` file somewhere, since that can interfere.
116
116
 
117
+ When setting the SECRET_KEY_BASE_DUMMY environment variable, the secrets/credentials loading will be skipped.
118
+ This can be handy to for example do an asset precompilation step in production where you don't need any secrets/credentials.
119
+
117
120
  ### Example setup
118
121
 
119
122
  To add encryption + credentials to a rails project do the following things:
data/lib/eyaml/railtie.rb CHANGED
@@ -12,34 +12,37 @@ module EYAML
12
12
  end
13
13
 
14
14
  config.before_configuration do
15
- if File.exist?(Rails.root.join("config", "master.key"))
16
- raise ConflictError, "A config/master.key has been found. The rails credentials lookup conflicts with eyaml. Please remove rails credentials management by removing the master.key file to keep using eyaml."
17
- end
18
- secret_files_present = Dir.glob(auth_files(:secrets)).any?
19
- credential_files_present = Dir.glob(auth_files(:credentials)).any?
15
+ unless ENV.fetch("SECRET_KEY_BASE_DUMMY", false)
16
+ # Allow rails to run without loading the credentials
17
+ if File.exist?(Rails.root.join("config", "master.key"))
18
+ raise ConflictError, "A config/master.key has been found. The rails credentials lookup conflicts with eyaml. Please remove rails credentials management by removing the master.key file to keep using eyaml."
19
+ end
20
+ secret_files_present = Dir.glob(auth_files(:secrets)).any?
21
+ credential_files_present = Dir.glob(auth_files(:credentials)).any?
20
22
 
21
- secrets_or_credentials = if Rails.version >= "7.2"
22
- :credentials
23
- else
24
- if credential_files_present
23
+ secrets_or_credentials = if Rails.version >= "7.2"
25
24
  :credentials
26
- elsif secret_files_present
27
- :secrets
25
+ else
26
+ if credential_files_present
27
+ :credentials
28
+ elsif secret_files_present
29
+ :secrets
30
+ end
28
31
  end
29
- end
30
32
 
31
- auth_files(secrets_or_credentials).each do |file|
32
- next unless valid?(file)
33
+ auth_files(secrets_or_credentials).each do |file|
34
+ next unless valid?(file)
33
35
 
34
- # If private_key is nil (i.e. when $EJSON_PRIVATE_KEY is not set), EYAML will search
35
- # for a public/private key in the key directory (either $EJSON_KEYDIR, if set, or /opt/ejson/keys)
36
- cipherdata = YAML.load_file(file)
37
- secrets = EYAML.decrypt(cipherdata, private_key: ENV[PRIVATE_KEY_ENV_VAR])
38
- .except("_public_key")
39
- secrets = EYAML::Util.with_deep_deundescored_keys(secrets)
40
- .deep_symbolize_keys
36
+ # If private_key is nil (i.e. when $EJSON_PRIVATE_KEY is not set), EYAML will search
37
+ # for a public/private key in the key directory (either $EJSON_KEYDIR, if set, or /opt/ejson/keys)
38
+ cipherdata = YAML.load_file(file)
39
+ secrets = EYAML.decrypt(cipherdata, private_key: ENV[PRIVATE_KEY_ENV_VAR])
40
+ .except("_public_key")
41
+ secrets = EYAML::Util.with_deep_deundescored_keys(secrets)
42
+ .deep_symbolize_keys
41
43
 
42
- break Rails.application.send(secrets_or_credentials).deep_merge!(secrets)
44
+ break Rails.application.send(secrets_or_credentials).deep_merge!(secrets)
45
+ end
43
46
  end
44
47
  end
45
48
 
data/lib/eyaml/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module EYAML
4
- VERSION = "0.4.3"
4
+ VERSION = "0.4.4"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: eyaml
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.3
4
+ version: 0.4.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Emil Stolarsky
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-07-17 00:00:00.000000000 Z
11
+ date: 2024-08-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: thor