google_cloud_env_secrets 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 90ac38d180204dec944c36ba57e7072e36e87dadbafee415fb864a25b0b24fcf
-  data.tar.gz: 8373386dd3089abdad83128d2bff2ca5ac2d8ff954389a1f6810d67f6aee883f
+  metadata.gz: 8cae42f0b4569a668a8cd720672427c63862a2873c3029d811f6ffbe784ca0a5
+  data.tar.gz: fdff6f40d8b416e10e77b8097b23e6c222295d6cc02e90d981c3ad82b2176c36
 SHA512:
-  metadata.gz: 0c9f4cfb80145fc506d78949ec3053e3a16994443a8245176d120f2c4597619eef889f62dd8997a79cd9979610c0a43dddfc158b54be2e9d0aa298427fde58e4
-  data.tar.gz: 96d34802b6c79246c8252f96cd6635de3c1ee3d8ef55ccc993264f350488fa5449d6f57a3a272d14360b48f88e6d88b9e159c716f45319bd7ea000ad8c809f53
+  metadata.gz: c48d2996eb230b92c7a48fe5b8610bc1267d1da340237c53e18311506799a7a0e13978c1a8edb1d503e4aefa1badffe2b4ed2cdc3b4ea386a26dc6052ba836e5
+  data.tar.gz: 37de843da13be35009b5371c98403ee1ec8420182160b3ab8f7211e9db8a450a164b915e6c015ec3553b9f9d72b32d847956824a71b677915ae823e6e636fccf

data/README.md

@@ -28,7 +28,12 @@ Configure this gem with environment vars:
 | `GOOGLE_APPLICATION_CREDENTIALS` | Manually set path to Google Application Credentials.               |
 | `GOOGLE_PROJECT`                 | Manually set the Google project. Automatically detected otherwise. |
 | `GOOGLE_SECRETS_PREFIX`          | Only load secrets that start with prefix.                          |
+| `GOOGLE_SECRETS_FORCE`           | Replace existing ENV vars with secret's value. Default `true`.     |
 
+Google Secrets are available after the [before_configuration hook](https://guides.rubyonrails.org/configuring.html#initialization-events).
+You can call `GoogleCloudEnvSecrets.load` if you need the ENV secrets sooner than that.
+
+See [docs](https://www.rubydoc.info/github/mattes/rails_google_cloud_env_secrets/main), too.
 
 ## Required IAM Roles
 

data/lib/google_cloud_env_secrets/config.rb

@@ -4,9 +4,11 @@ module GoogleCloudEnvSecrets
     attr_accessor :credentials
     attr_accessor :cache_secrets
     attr_accessor :prefix
+    attr_accessor :force
 
     def initialize
       @cache_secrets = true
+      @force = true
     end
   end
 

data/lib/google_cloud_env_secrets/railtie.rb

@@ -1,14 +1,25 @@
 module GoogleCloudEnvSecrets
   class Railtie < ::Rails::Railtie
-    initializer "google_cloud_env_secrets.initialize", after: :bootstrap_hook do |app|
-      GoogleCloudEnvSecrets.configure do |config|
-        config.credentials = ENV["GOOGLE_APPLICATION_CREDENTIALS"] || nil
-        config.project = ENV["GOOGLE_PROJECT"] || Google::Cloud.env.project_id
-        config.prefix = ENV["GOOGLE_SECRETS_PREFIX"] || nil
-      end
 
-      secrets = GoogleCloudEnvSecrets.all
-      GoogleCloudEnvSecrets.inject_env!(secrets)
+    # load Google Secrets during Rails `before_configuration` hook
+    config.before_configuration do
+      GoogleCloudEnvSecrets.load
     end
   end
+
+  # load Google Secrets into ENV
+  def self.load
+    GoogleCloudEnvSecrets.configure do |config|
+      config.credentials = ENV["GOOGLE_APPLICATION_CREDENTIALS"] || nil
+      config.project = ENV["GOOGLE_PROJECT"] || Google::Cloud.env.project_id
+      config.prefix = ENV["GOOGLE_SECRETS_PREFIX"] || nil
+
+      if ENV.has_key?("GOOGLE_SECRETS_FORCE")
+        config.force = ENV["GOOGLE_SECRETS_FORCE"]&.to_s&.downcase == "true"
+      end
+    end
+
+    secrets = GoogleCloudEnvSecrets.all
+    GoogleCloudEnvSecrets.inject_env!(secrets, GoogleCloudEnvSecrets.configuration.force)
+  end
 end

data/lib/google_cloud_env_secrets/secrets.rb

@@ -2,6 +2,11 @@ module GoogleCloudEnvSecrets
   def self.all
     @secrets = nil unless self.configuration.cache_secrets
     @secrets ||= begin
+        # Skip if not running on Google Cloud and credentials are not set explicitly
+        if self.configuration.credentials.nil? && Google::Cloud.env.project_id.nil?
+          return {}
+        end
+
         # Configure and initialize
         # https://googleapis.dev/ruby/google-cloud-secret_manager/latest/Google/Cloud/SecretManager.html
         Google::Cloud::SecretManager.configure do |config|
@@ -38,17 +43,22 @@ module GoogleCloudEnvSecrets
 
         secrets
       end
-    @secrets
+
+    @secrets || {}
   end
 
   def self.find(name)
-    self.all # make sure we have the secrets loaded
-    @secrets[name.to_s]
+    self.all[name.to_s]
   end
 
-  def self.inject_env!(secrets = {})
+  def self.inject_env!(secrets = {}, force = true, env = ENV)
     secrets.each do |name, value|
-      ENV[name.to_s] = value
+      name = name.to_s
+      if force
+        env[name] = value
+      else
+        env[name] unless env.has_key?(name)
+      end
     end
   end
 end

data/lib/google_cloud_env_secrets/version.rb

@@ -1,3 +1,3 @@
 module GoogleCloudEnvSecrets
-  VERSION = "0.1.1"
+  VERSION = "0.1.2"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google_cloud_env_secrets
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Matthias Kadenbach
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-10-09 00:00:00.000000000 Z
+date: 2020-10-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails