rails-env-credentials 0.1.1 → 0.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/main.yml +31 -0
- data/.gitignore +1 -0
- data/README.md +65 -21
- data/bin/console +1 -1
- data/gemfiles/rails_52.gemfile +5 -0
- data/lib/rails_env_credentials/railtie.rb +11 -2
- data/lib/rails_env_credentials/version.rb +1 -1
- data/lib/rails_env_credentials.rb +1 -2
- data/rails-env-credentials.gemspec +1 -1
- metadata +10 -11
- data/.travis.yml +0 -19
- data/lib/rails_env_credentials/credentials_overwrite.rb +0 -9
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b00045c815c0c178127b86ff25286eeeb749ab09bae4a622afba98e717613ee5
|
4
|
+
data.tar.gz: 86783e049e9a8a65ca9cf26c904a8eaf4b7bc91ff5b2793972f9c978efc3d988
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: feec5ed1204093d7861abe7e3862ced93c1a776234b710c905d717a5c2153dcc84dba1f0e695f1b6e3056f925c5f25b08e17f0b403c0f5dacd51c9195e16cdaa
|
7
|
+
data.tar.gz: 66d272c94707a1d032a256cc2a25ca6c013157365561a0b3285106a9c60ce2cef770c8e5a80b615199baf2fb9de341d3fadbedd610fe29fd553eacd5eb3f9f26
|
@@ -0,0 +1,31 @@
|
|
1
|
+
name: Ruby
|
2
|
+
|
3
|
+
on:
|
4
|
+
push:
|
5
|
+
pull_request:
|
6
|
+
|
7
|
+
jobs:
|
8
|
+
build:
|
9
|
+
runs-on: ubuntu-latest
|
10
|
+
|
11
|
+
strategy:
|
12
|
+
matrix:
|
13
|
+
ruby:
|
14
|
+
- 2.4
|
15
|
+
- 2.5
|
16
|
+
- 2.6
|
17
|
+
- 2.7
|
18
|
+
gemfile:
|
19
|
+
- rails_52
|
20
|
+
env:
|
21
|
+
BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile
|
22
|
+
|
23
|
+
steps:
|
24
|
+
- uses: actions/checkout@v2
|
25
|
+
- name: Set up Ruby
|
26
|
+
uses: ruby/setup-ruby@v1
|
27
|
+
with:
|
28
|
+
ruby-version: ${{ matrix.ruby }}
|
29
|
+
bundler-cache: true
|
30
|
+
- name: Run the default task
|
31
|
+
run: bundle exec rake
|
data/.gitignore
CHANGED
data/README.md
CHANGED
@@ -1,26 +1,10 @@
|
|
1
1
|
[](https://badge.fury.io/rb/rails-env-credentials)
|
2
|
-
[](https://github.com/sinsoku/rails-env-credentials/actions/workflows/main.yml)
|
3
3
|
|
4
4
|
# RailsEnvCredentials
|
5
5
|
|
6
6
|
It enhances the Credentials feature introduced by Rails v5.2.0.
|
7
7
|
|
8
|
-
## Why make it?
|
9
|
-
|
10
|
-
Credentials is a good feature, but we cannot use it on development and test environment.
|
11
|
-
|
12
|
-
DHH wrote as follow in the pull request for initial implementation:
|
13
|
-
|
14
|
-
> It's only in production (and derivative environments, like exposed betas) where the secret actually needs to be secret.
|
15
|
-
>
|
16
|
-
> refs: https://github.com/rails/rails/pull/30067
|
17
|
-
|
18
|
-
However, I have to manage secrets in the staging environment.
|
19
|
-
|
20
|
-
I do not have the confidence to explain explicit use cases to Rails team, so I implemented as a gem.
|
21
|
-
|
22
|
-
If many people use it, I would like to send a pull request to Rails.:octocat::heart:
|
23
|
-
|
24
8
|
## Installation
|
25
9
|
|
26
10
|
Add this line to your Rails application's Gemfile:
|
@@ -39,13 +23,55 @@ $ bundle
|
|
39
23
|
|
40
24
|
## Usage
|
41
25
|
|
42
|
-
RailsEnvCredentials
|
26
|
+
RailsEnvCredentials manages credentials and key pairs with the following:
|
27
|
+
|
28
|
+
```
|
29
|
+
config/credentials-development.yml.enc
|
30
|
+
config/credentials-test.yml.enc
|
31
|
+
config/credentials.yml.enc
|
32
|
+
master-development.key
|
33
|
+
master-test.key
|
34
|
+
master.key
|
35
|
+
```
|
36
|
+
|
37
|
+
It also manages environment variables for each env.
|
38
|
+
|
39
|
+
```
|
40
|
+
RAILS_MASTER_KEY_DEVELOPMENT
|
41
|
+
RAILS_MASTER_KEY_TEST
|
42
|
+
RAILS_MASTER_KEY
|
43
|
+
```
|
44
|
+
|
45
|
+
You can use appropriate credentials depending on `Rails.env`.
|
46
|
+
|
47
|
+
```console
|
48
|
+
$ rails env_credentials:show -e development
|
49
|
+
# config/credentials-development.yml.enc
|
50
|
+
aws:
|
51
|
+
bucket: foo-dev
|
52
|
+
|
53
|
+
$ rails env_credentials:show -e production
|
54
|
+
# config/credentials.yml.enc
|
55
|
+
aws:
|
56
|
+
bucket: foo-prod
|
57
|
+
|
58
|
+
$ rails runner -e development 'pp Rails.application.credentials.aws.bucket'
|
59
|
+
"foo-dev"
|
60
|
+
$ rails runner -e production 'pp Rails.application.credentials.aws.bucket'
|
61
|
+
"foo-prod"
|
62
|
+
```
|
63
|
+
|
64
|
+
## Generating secrets and a master key
|
65
|
+
|
66
|
+
It automatically generate encrypted file and the master key when you starts editing credentials at first:
|
43
67
|
|
44
68
|
```
|
45
69
|
$ rails env_credentials:edit -e development
|
46
70
|
```
|
47
71
|
|
48
|
-
|
72
|
+
## Show secrets
|
73
|
+
|
74
|
+
You want to see decrypted contents, use `env_credentials:show`:
|
49
75
|
|
50
76
|
```
|
51
77
|
$ rails env_credentials:show -e development
|
@@ -55,7 +81,11 @@ $ rails env_credentials:show -e development
|
|
55
81
|
|
56
82
|
### Other environments support
|
57
83
|
|
58
|
-
For example, if the `config/environments/staging.rb` exists,
|
84
|
+
For example, if the `config/environments/staging.rb` exists, you will generate `config/credentials-staging.yml.enc`.
|
85
|
+
|
86
|
+
```
|
87
|
+
$ rails env_credentials:edit -e staging
|
88
|
+
```
|
59
89
|
|
60
90
|
### Display a diff
|
61
91
|
|
@@ -75,6 +105,20 @@ $ git config diff.env_credentials.textconv 'rails env_credentials:show --file'
|
|
75
105
|
|
76
106
|
This tells Git that encrypted files should decrypt by the `env_credentials:show` task when you try to display a diff.
|
77
107
|
|
108
|
+
## Why make this gem?
|
109
|
+
|
110
|
+
Credentials is a good feature, but we cannot use it on development and test environment.
|
111
|
+
|
112
|
+
DHH wrote as follow in the pull request for initial implementation:
|
113
|
+
|
114
|
+
> It's only in production (and derivative environments, like exposed betas) where the secret actually needs to be secret.
|
115
|
+
>
|
116
|
+
> refs: https://github.com/rails/rails/pull/30067
|
117
|
+
|
118
|
+
However, I have to manage secrets and a master key different from production for testing in the staging environment.
|
119
|
+
|
120
|
+
I do not have the confidence to explain explicit use cases to Rails team, so I implemented as a gem.
|
121
|
+
|
78
122
|
## Development
|
79
123
|
|
80
124
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
@@ -91,4 +135,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
|
|
91
135
|
|
92
136
|
## Code of Conduct
|
93
137
|
|
94
|
-
Everyone interacting in the Rails::Env::Credentials project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/sinsoku/rails-env-credentials/blob/
|
138
|
+
Everyone interacting in the Rails::Env::Credentials project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/sinsoku/rails-env-credentials/blob/main/CODE_OF_CONDUCT.md).
|
data/bin/console
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
|
3
3
|
require "bundler/setup"
|
4
|
-
require "rails
|
4
|
+
require "rails-env-credentials"
|
5
5
|
|
6
6
|
# You can add fixtures and/or initialization code here to make experimenting
|
7
7
|
# with your gem easier. You can also use a different console, if you like.
|
@@ -1,9 +1,18 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module RailsEnvCredentials
|
4
|
+
module CredentialsOverwrite
|
5
|
+
def credentials
|
6
|
+
@credentials ||= RailsEnvCredentials.credentials
|
7
|
+
end
|
8
|
+
end
|
9
|
+
|
4
10
|
class Railtie < ::Rails::Railtie
|
5
|
-
|
6
|
-
is_credentials_command = Rails
|
11
|
+
config.before_configuration do
|
12
|
+
is_credentials_command = Rails.const_defined?(:Command) &&
|
13
|
+
Rails::Command.const_defined?(:CredentialsCommand) &&
|
14
|
+
!Rails::Command.const_defined?(:EnvCredentialsCommand)
|
15
|
+
|
7
16
|
Rails::Application.prepend(CredentialsOverwrite) unless is_credentials_command
|
8
17
|
end
|
9
18
|
end
|
@@ -2,7 +2,6 @@
|
|
2
2
|
|
3
3
|
require "rails"
|
4
4
|
require "rails_env_credentials/config"
|
5
|
-
require "rails_env_credentials/credentials_overwrite"
|
6
5
|
require "rails_env_credentials/railtie"
|
7
6
|
require "rails_env_credentials/version"
|
8
7
|
|
@@ -26,7 +25,7 @@ module RailsEnvCredentials
|
|
26
25
|
end
|
27
26
|
|
28
27
|
def credentials
|
29
|
-
ActiveSupport::EncryptedConfiguration.new(options)
|
28
|
+
ActiveSupport::EncryptedConfiguration.new(**options)
|
30
29
|
end
|
31
30
|
end
|
32
31
|
end
|
@@ -24,7 +24,7 @@ Gem::Specification.new do |spec|
|
|
24
24
|
|
25
25
|
spec.add_dependency "rails", ">= 5.2.0.rc1"
|
26
26
|
|
27
|
-
spec.add_development_dependency "bundler", "~>
|
27
|
+
spec.add_development_dependency "bundler", "~> 2.0"
|
28
28
|
spec.add_development_dependency "rake", "~> 10.0"
|
29
29
|
spec.add_development_dependency "rspec", "~> 3.0"
|
30
30
|
spec.add_development_dependency "simplecov"
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rails-env-credentials
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- sinsoku
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-09-26 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|
@@ -30,14 +30,14 @@ dependencies:
|
|
30
30
|
requirements:
|
31
31
|
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: '
|
33
|
+
version: '2.0'
|
34
34
|
type: :development
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: '
|
40
|
+
version: '2.0'
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: rake
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -87,9 +87,9 @@ executables: []
|
|
87
87
|
extensions: []
|
88
88
|
extra_rdoc_files: []
|
89
89
|
files:
|
90
|
+
- ".github/workflows/main.yml"
|
90
91
|
- ".gitignore"
|
91
92
|
- ".rspec"
|
92
|
-
- ".travis.yml"
|
93
93
|
- CODE_OF_CONDUCT.md
|
94
94
|
- Gemfile
|
95
95
|
- LICENSE.txt
|
@@ -101,12 +101,12 @@ files:
|
|
101
101
|
- config/environments/production.rb
|
102
102
|
- config/environments/staging.rb
|
103
103
|
- config/environments/test.rb
|
104
|
+
- gemfiles/rails_52.gemfile
|
104
105
|
- gemfiles/rails_edge.gemfile
|
105
106
|
- lib/rails-env-credentials.rb
|
106
107
|
- lib/rails/commands/env_credentials_command.rb
|
107
108
|
- lib/rails_env_credentials.rb
|
108
109
|
- lib/rails_env_credentials/config.rb
|
109
|
-
- lib/rails_env_credentials/credentials_overwrite.rb
|
110
110
|
- lib/rails_env_credentials/railtie.rb
|
111
111
|
- lib/rails_env_credentials/version.rb
|
112
112
|
- rails-env-credentials.gemspec
|
@@ -114,7 +114,7 @@ homepage: https://github.com/sinsoku/rails-env-credentials
|
|
114
114
|
licenses:
|
115
115
|
- MIT
|
116
116
|
metadata: {}
|
117
|
-
post_install_message:
|
117
|
+
post_install_message:
|
118
118
|
rdoc_options: []
|
119
119
|
require_paths:
|
120
120
|
- lib
|
@@ -129,9 +129,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
129
129
|
- !ruby/object:Gem::Version
|
130
130
|
version: '0'
|
131
131
|
requirements: []
|
132
|
-
|
133
|
-
|
134
|
-
signing_key:
|
132
|
+
rubygems_version: 3.1.6
|
133
|
+
signing_key:
|
135
134
|
specification_version: 4
|
136
135
|
summary: It enhances the credentials configuration introduced by Rails v5.2.0
|
137
136
|
test_files: []
|
data/.travis.yml
DELETED
@@ -1,19 +0,0 @@
|
|
1
|
-
sudo: false
|
2
|
-
language: ruby
|
3
|
-
rvm:
|
4
|
-
- 2.5.0
|
5
|
-
- 2.4.2
|
6
|
-
- ruby-head
|
7
|
-
gemfile:
|
8
|
-
- Gemfile
|
9
|
-
- gemfiles/rails_edge.gemfile
|
10
|
-
matrix:
|
11
|
-
allow_failures:
|
12
|
-
- rvm: ruby-head
|
13
|
-
- gemfile: gemfiles/rails_edge.gemfile
|
14
|
-
before_install: gem install bundler -v 1.16.1
|
15
|
-
cache: bundler
|
16
|
-
notifications:
|
17
|
-
email:
|
18
|
-
on_success: never
|
19
|
-
on_failure: change
|