rails-env-credentials 0.1.1 → 0.1.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/main.yml +31 -0
- data/.gitignore +1 -0
- data/README.md +65 -21
- data/bin/console +1 -1
- data/gemfiles/rails_52.gemfile +5 -0
- data/lib/rails_env_credentials/railtie.rb +11 -2
- data/lib/rails_env_credentials/version.rb +1 -1
- data/lib/rails_env_credentials.rb +1 -2
- data/rails-env-credentials.gemspec +1 -1
- metadata +10 -11
- data/.travis.yml +0 -19
- data/lib/rails_env_credentials/credentials_overwrite.rb +0 -9
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b00045c815c0c178127b86ff25286eeeb749ab09bae4a622afba98e717613ee5
|
4
|
+
data.tar.gz: 86783e049e9a8a65ca9cf26c904a8eaf4b7bc91ff5b2793972f9c978efc3d988
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: feec5ed1204093d7861abe7e3862ced93c1a776234b710c905d717a5c2153dcc84dba1f0e695f1b6e3056f925c5f25b08e17f0b403c0f5dacd51c9195e16cdaa
|
7
|
+
data.tar.gz: 66d272c94707a1d032a256cc2a25ca6c013157365561a0b3285106a9c60ce2cef770c8e5a80b615199baf2fb9de341d3fadbedd610fe29fd553eacd5eb3f9f26
|
@@ -0,0 +1,31 @@
|
|
1
|
+
name: Ruby
|
2
|
+
|
3
|
+
on:
|
4
|
+
push:
|
5
|
+
pull_request:
|
6
|
+
|
7
|
+
jobs:
|
8
|
+
build:
|
9
|
+
runs-on: ubuntu-latest
|
10
|
+
|
11
|
+
strategy:
|
12
|
+
matrix:
|
13
|
+
ruby:
|
14
|
+
- 2.4
|
15
|
+
- 2.5
|
16
|
+
- 2.6
|
17
|
+
- 2.7
|
18
|
+
gemfile:
|
19
|
+
- rails_52
|
20
|
+
env:
|
21
|
+
BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile
|
22
|
+
|
23
|
+
steps:
|
24
|
+
- uses: actions/checkout@v2
|
25
|
+
- name: Set up Ruby
|
26
|
+
uses: ruby/setup-ruby@v1
|
27
|
+
with:
|
28
|
+
ruby-version: ${{ matrix.ruby }}
|
29
|
+
bundler-cache: true
|
30
|
+
- name: Run the default task
|
31
|
+
run: bundle exec rake
|
data/.gitignore
CHANGED
data/README.md
CHANGED
@@ -1,26 +1,10 @@
|
|
1
1
|
[![Gem Version](https://badge.fury.io/rb/rails-env-credentials.svg)](https://badge.fury.io/rb/rails-env-credentials)
|
2
|
-
[![
|
2
|
+
[![Ruby](https://github.com/sinsoku/rails-env-credentials/actions/workflows/main.yml/badge.svg)](https://github.com/sinsoku/rails-env-credentials/actions/workflows/main.yml)
|
3
3
|
|
4
4
|
# RailsEnvCredentials
|
5
5
|
|
6
6
|
It enhances the Credentials feature introduced by Rails v5.2.0.
|
7
7
|
|
8
|
-
## Why make it?
|
9
|
-
|
10
|
-
Credentials is a good feature, but we cannot use it on development and test environment.
|
11
|
-
|
12
|
-
DHH wrote as follow in the pull request for initial implementation:
|
13
|
-
|
14
|
-
> It's only in production (and derivative environments, like exposed betas) where the secret actually needs to be secret.
|
15
|
-
>
|
16
|
-
> refs: https://github.com/rails/rails/pull/30067
|
17
|
-
|
18
|
-
However, I have to manage secrets in the staging environment.
|
19
|
-
|
20
|
-
I do not have the confidence to explain explicit use cases to Rails team, so I implemented as a gem.
|
21
|
-
|
22
|
-
If many people use it, I would like to send a pull request to Rails.:octocat::heart:
|
23
|
-
|
24
8
|
## Installation
|
25
9
|
|
26
10
|
Add this line to your Rails application's Gemfile:
|
@@ -39,13 +23,55 @@ $ bundle
|
|
39
23
|
|
40
24
|
## Usage
|
41
25
|
|
42
|
-
RailsEnvCredentials
|
26
|
+
RailsEnvCredentials manages credentials and key pairs with the following:
|
27
|
+
|
28
|
+
```
|
29
|
+
config/credentials-development.yml.enc
|
30
|
+
config/credentials-test.yml.enc
|
31
|
+
config/credentials.yml.enc
|
32
|
+
master-development.key
|
33
|
+
master-test.key
|
34
|
+
master.key
|
35
|
+
```
|
36
|
+
|
37
|
+
It also manages environment variables for each env.
|
38
|
+
|
39
|
+
```
|
40
|
+
RAILS_MASTER_KEY_DEVELOPMENT
|
41
|
+
RAILS_MASTER_KEY_TEST
|
42
|
+
RAILS_MASTER_KEY
|
43
|
+
```
|
44
|
+
|
45
|
+
You can use appropriate credentials depending on `Rails.env`.
|
46
|
+
|
47
|
+
```console
|
48
|
+
$ rails env_credentials:show -e development
|
49
|
+
# config/credentials-development.yml.enc
|
50
|
+
aws:
|
51
|
+
bucket: foo-dev
|
52
|
+
|
53
|
+
$ rails env_credentials:show -e production
|
54
|
+
# config/credentials.yml.enc
|
55
|
+
aws:
|
56
|
+
bucket: foo-prod
|
57
|
+
|
58
|
+
$ rails runner -e development 'pp Rails.application.credentials.aws.bucket'
|
59
|
+
"foo-dev"
|
60
|
+
$ rails runner -e production 'pp Rails.application.credentials.aws.bucket'
|
61
|
+
"foo-prod"
|
62
|
+
```
|
63
|
+
|
64
|
+
## Generating secrets and a master key
|
65
|
+
|
66
|
+
It automatically generate encrypted file and the master key when you starts editing credentials at first:
|
43
67
|
|
44
68
|
```
|
45
69
|
$ rails env_credentials:edit -e development
|
46
70
|
```
|
47
71
|
|
48
|
-
|
72
|
+
## Show secrets
|
73
|
+
|
74
|
+
You want to see decrypted contents, use `env_credentials:show`:
|
49
75
|
|
50
76
|
```
|
51
77
|
$ rails env_credentials:show -e development
|
@@ -55,7 +81,11 @@ $ rails env_credentials:show -e development
|
|
55
81
|
|
56
82
|
### Other environments support
|
57
83
|
|
58
|
-
For example, if the `config/environments/staging.rb` exists,
|
84
|
+
For example, if the `config/environments/staging.rb` exists, you will generate `config/credentials-staging.yml.enc`.
|
85
|
+
|
86
|
+
```
|
87
|
+
$ rails env_credentials:edit -e staging
|
88
|
+
```
|
59
89
|
|
60
90
|
### Display a diff
|
61
91
|
|
@@ -75,6 +105,20 @@ $ git config diff.env_credentials.textconv 'rails env_credentials:show --file'
|
|
75
105
|
|
76
106
|
This tells Git that encrypted files should decrypt by the `env_credentials:show` task when you try to display a diff.
|
77
107
|
|
108
|
+
## Why make this gem?
|
109
|
+
|
110
|
+
Credentials is a good feature, but we cannot use it on development and test environment.
|
111
|
+
|
112
|
+
DHH wrote as follow in the pull request for initial implementation:
|
113
|
+
|
114
|
+
> It's only in production (and derivative environments, like exposed betas) where the secret actually needs to be secret.
|
115
|
+
>
|
116
|
+
> refs: https://github.com/rails/rails/pull/30067
|
117
|
+
|
118
|
+
However, I have to manage secrets and a master key different from production for testing in the staging environment.
|
119
|
+
|
120
|
+
I do not have the confidence to explain explicit use cases to Rails team, so I implemented as a gem.
|
121
|
+
|
78
122
|
## Development
|
79
123
|
|
80
124
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
@@ -91,4 +135,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
|
|
91
135
|
|
92
136
|
## Code of Conduct
|
93
137
|
|
94
|
-
Everyone interacting in the Rails::Env::Credentials project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/sinsoku/rails-env-credentials/blob/
|
138
|
+
Everyone interacting in the Rails::Env::Credentials project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/sinsoku/rails-env-credentials/blob/main/CODE_OF_CONDUCT.md).
|
data/bin/console
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
|
3
3
|
require "bundler/setup"
|
4
|
-
require "rails
|
4
|
+
require "rails-env-credentials"
|
5
5
|
|
6
6
|
# You can add fixtures and/or initialization code here to make experimenting
|
7
7
|
# with your gem easier. You can also use a different console, if you like.
|
@@ -1,9 +1,18 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module RailsEnvCredentials
|
4
|
+
module CredentialsOverwrite
|
5
|
+
def credentials
|
6
|
+
@credentials ||= RailsEnvCredentials.credentials
|
7
|
+
end
|
8
|
+
end
|
9
|
+
|
4
10
|
class Railtie < ::Rails::Railtie
|
5
|
-
|
6
|
-
is_credentials_command = Rails
|
11
|
+
config.before_configuration do
|
12
|
+
is_credentials_command = Rails.const_defined?(:Command) &&
|
13
|
+
Rails::Command.const_defined?(:CredentialsCommand) &&
|
14
|
+
!Rails::Command.const_defined?(:EnvCredentialsCommand)
|
15
|
+
|
7
16
|
Rails::Application.prepend(CredentialsOverwrite) unless is_credentials_command
|
8
17
|
end
|
9
18
|
end
|
@@ -2,7 +2,6 @@
|
|
2
2
|
|
3
3
|
require "rails"
|
4
4
|
require "rails_env_credentials/config"
|
5
|
-
require "rails_env_credentials/credentials_overwrite"
|
6
5
|
require "rails_env_credentials/railtie"
|
7
6
|
require "rails_env_credentials/version"
|
8
7
|
|
@@ -26,7 +25,7 @@ module RailsEnvCredentials
|
|
26
25
|
end
|
27
26
|
|
28
27
|
def credentials
|
29
|
-
ActiveSupport::EncryptedConfiguration.new(options)
|
28
|
+
ActiveSupport::EncryptedConfiguration.new(**options)
|
30
29
|
end
|
31
30
|
end
|
32
31
|
end
|
@@ -24,7 +24,7 @@ Gem::Specification.new do |spec|
|
|
24
24
|
|
25
25
|
spec.add_dependency "rails", ">= 5.2.0.rc1"
|
26
26
|
|
27
|
-
spec.add_development_dependency "bundler", "~>
|
27
|
+
spec.add_development_dependency "bundler", "~> 2.0"
|
28
28
|
spec.add_development_dependency "rake", "~> 10.0"
|
29
29
|
spec.add_development_dependency "rspec", "~> 3.0"
|
30
30
|
spec.add_development_dependency "simplecov"
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rails-env-credentials
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- sinsoku
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-09-26 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|
@@ -30,14 +30,14 @@ dependencies:
|
|
30
30
|
requirements:
|
31
31
|
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: '
|
33
|
+
version: '2.0'
|
34
34
|
type: :development
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: '
|
40
|
+
version: '2.0'
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: rake
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -87,9 +87,9 @@ executables: []
|
|
87
87
|
extensions: []
|
88
88
|
extra_rdoc_files: []
|
89
89
|
files:
|
90
|
+
- ".github/workflows/main.yml"
|
90
91
|
- ".gitignore"
|
91
92
|
- ".rspec"
|
92
|
-
- ".travis.yml"
|
93
93
|
- CODE_OF_CONDUCT.md
|
94
94
|
- Gemfile
|
95
95
|
- LICENSE.txt
|
@@ -101,12 +101,12 @@ files:
|
|
101
101
|
- config/environments/production.rb
|
102
102
|
- config/environments/staging.rb
|
103
103
|
- config/environments/test.rb
|
104
|
+
- gemfiles/rails_52.gemfile
|
104
105
|
- gemfiles/rails_edge.gemfile
|
105
106
|
- lib/rails-env-credentials.rb
|
106
107
|
- lib/rails/commands/env_credentials_command.rb
|
107
108
|
- lib/rails_env_credentials.rb
|
108
109
|
- lib/rails_env_credentials/config.rb
|
109
|
-
- lib/rails_env_credentials/credentials_overwrite.rb
|
110
110
|
- lib/rails_env_credentials/railtie.rb
|
111
111
|
- lib/rails_env_credentials/version.rb
|
112
112
|
- rails-env-credentials.gemspec
|
@@ -114,7 +114,7 @@ homepage: https://github.com/sinsoku/rails-env-credentials
|
|
114
114
|
licenses:
|
115
115
|
- MIT
|
116
116
|
metadata: {}
|
117
|
-
post_install_message:
|
117
|
+
post_install_message:
|
118
118
|
rdoc_options: []
|
119
119
|
require_paths:
|
120
120
|
- lib
|
@@ -129,9 +129,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
129
129
|
- !ruby/object:Gem::Version
|
130
130
|
version: '0'
|
131
131
|
requirements: []
|
132
|
-
|
133
|
-
|
134
|
-
signing_key:
|
132
|
+
rubygems_version: 3.1.6
|
133
|
+
signing_key:
|
135
134
|
specification_version: 4
|
136
135
|
summary: It enhances the credentials configuration introduced by Rails v5.2.0
|
137
136
|
test_files: []
|
data/.travis.yml
DELETED
@@ -1,19 +0,0 @@
|
|
1
|
-
sudo: false
|
2
|
-
language: ruby
|
3
|
-
rvm:
|
4
|
-
- 2.5.0
|
5
|
-
- 2.4.2
|
6
|
-
- ruby-head
|
7
|
-
gemfile:
|
8
|
-
- Gemfile
|
9
|
-
- gemfiles/rails_edge.gemfile
|
10
|
-
matrix:
|
11
|
-
allow_failures:
|
12
|
-
- rvm: ruby-head
|
13
|
-
- gemfile: gemfiles/rails_edge.gemfile
|
14
|
-
before_install: gem install bundler -v 1.16.1
|
15
|
-
cache: bundler
|
16
|
-
notifications:
|
17
|
-
email:
|
18
|
-
on_success: never
|
19
|
-
on_failure: change
|