rails-env-credentials 0.0.1 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 84517ccea34a2ff4d2cb10143e6b404bdffa06268fc4c9041df0b308d5399906
-  data.tar.gz: 9d5680bd39e0fea33ff4ec6efa91d468cebab0fcc689727b379e8ae768002913
+  metadata.gz: 363b33c0c34aeb3dad04152477f1e528b47b9ab085e4360f4222aacfb5bfc348
+  data.tar.gz: fca49e47dabee021fbeb639adde223f696bea9dd6f6bae68c736fbf528eb7209
 SHA512:
-  metadata.gz: 8a73a80e72719f1c2a5b3e003bdcba4a9edc874e976bf52e02232139a3307353057692663f21499fa8191d265862b1f87dd486c1a4eb6ccc947b9731b9230be3
-  data.tar.gz: df73410d35cf50d9c083aad8f696462e3e13193f119a71eb986f042f126dc3eb10e809201eb24aba03598c121038b2519a2970346270a38ff335adff5aa6892a
+  metadata.gz: 15a9a335dc2eb2f32919d2d6d8f778051c120f0f684d5f9a99a6bc0df039b9a4328337e1e180d0ace296f8c41f7cf063b296976bc8bed321e654a60decc0526c
+  data.tar.gz: 7584a2d9f323183ad2aeb3b325053b97d479f3a51dbc080bb213f09b110339ccf38ca833179573d076cce409d0e6a4748f6ee2213f6c03e24bd3d2c9653b82a6

data/Gemfile

@@ -4,5 +4,3 @@ git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
 
 # Specify your gem's dependencies in rails-env-credentials.gemspec
 gemspec
-
-gem "rails", github: "rails/rails"

data/README.md

@@ -1,102 +1,79 @@
-# RailsEnvCredentials
-
-RailsEnvCredentials enhances the credentials configuration introduced by Rails v5.2.0.
-
-It make that `Rails.application.credentials` returns environment specific credentials.
-
-## Features
+[![Gem Version](https://badge.fury.io/rb/rails-env-credentials.svg)](https://badge.fury.io/rb/rails-env-credentials)
+[![Build Status](https://travis-ci.org/sinsoku/rails-env-credentials.svg?branch=master)](https://travis-ci.org/sinsoku/rails-env-credentials)
 
-It supports two cases as below:
+# RailsEnvCredentials
 
-### Case 1: Specify config file per env
+It enhances the Credentials feature introduced by Rails v5.2.0.
 
-You can use credentials with a different file per env.
+## Why make it?
 
-```yaml
-# config/credentials-development.yml.enc
-token: xxx
-```
+Credentials is a good feature, but we cannot use it on development and test environment.
 
-```yaml
-# config/credentials.yml.enc
-token: xxx
-```
+DHH wrote as follow in the pull request for initial implementation:
 
-### Case 2: Includes env in credentials
+> It's only in production (and derivative environments, like exposed betas) where the secret actually needs to be secret.
+>
+> refs: https://github.com/rails/rails/pull/30067
 
-You can include env at a root level in credentials.
+However, I have to manage secrets in the staging environment.
 
-```yaml
-# config/credentials.yml.enc
-development:
-  token: xxx
+I do not have the confidence to explain explicit use cases to Rails team, so I implemented as a gem.
 
-test:
-  token: xxx
-
-production:
-  token: xxx
-```
+If many people use it, I would like to send a pull request to Rails.:octocat::heart:
 
 ## Installation
 
-Add this line to your application's Gemfile:
+Add this line to your Rails application's Gemfile:
 
 ```ruby
-gem 'rails-env-credentials'
+group :development, :test do
+  gem 'rails-env-credentials'
+end
 ```
 
-Then add this to `bin/rails` before `require 'rails/commands'`:
+And then execute:
 
-```ruby
-require 'rails_env_credentials/command'
+```
+$ bundle
 ```
 
 ## Usage
 
-You need to configure in `config/application.rb`:
-
-### Case 1: Specify config file per env
+RailsEnvCredentials will automatically generate encrypted file and the master key when you starts editing credentials at first:
 
-```ruby
-# config/application.rb
-RailsEnvCredentials.configure do |config|
-  config.development = {
-    config_path: "config/credentials-development.yml.enc",
-    key_path: "config/development.key",
-    env_key: "RAILS_DEVELOPMENT_KEY",
-  }
-
-  config.test = {
-    config_path: "config/credentials-test.yml.enc",
-    key_path: "config/test.key",
-    env_key: "RAILS_TEST_KEY",
-  }
-end
+```
+$ rails env_credentials:edit -e development
 ```
 
-### Case 2: Includes env in credentials
+If you want to see decrypted contents, use `env_credentials:show`
 
-```ruby
-# config/application.rb
-RailsEnvCredentials.configure do |config|
-  config.default[:include_env] = true
-end
 ```
+$ rails env_credentials:show -e development
+```
+
+## Additional information
 
-### How to edit credentials
+### Other environments support
 
-If you use only one file, so execute the command normally.
+For example, if the `config/environments/staging.rb` exists, RailsEnvCredentials will automatically generate `config/credentials-staging.yml.enc`.
+
+### Display a diff
+
+You can’t directly compare encrypted files between two versions, but it turns out you can see a diff using Git attributes.
+
+Put the following line in your `.gitattributes` file:
 
-```bash
-$ rails credentials:edit
+```
+config/credentials*.yml.enc diff=env_credentials
 ```
 
-If you use multiple config files, so execute with environment arguments.
+Then configure Git to use `env_credentials:show`:
 
-```bash
-$ rails credentials:edit -e production
 ```
+$ git config diff.env_credentials.textconv 'rails env_credentials:show --file'
+```
+
+This tells Git that encrypted files should decrypt by the `env_credentials:show` task when you try to display a diff.
 
 ## Development
 
@@ -114,4 +91,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
 
 ## Code of Conduct
 
-Everyone interacting in the Rails::Env::Credentials project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/rails-env-credentials/blob/master/CODE_OF_CONDUCT.md).
+Everyone interacting in the Rails::Env::Credentials project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/sinsoku/rails-env-credentials/blob/master/CODE_OF_CONDUCT.md).

data/lib/rails/commands/env_credentials_command.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+require "rails/command/environment_argument"
+require "rails/commands/credentials/credentials_command"
+require "rails_env_credentials"
+
+using(Module.new do
+  refine Module do
+    def const_set!(name, value)
+      remove_const(name)
+      const_set(name, value)
+    end
+  end
+end)
+
+module Rails
+  module Command
+    class EnvCredentialsCommand < Rails::Command::CredentialsCommand
+      include EnvironmentArgument
+
+      argument :file, optional: true, banner: "file"
+      class_option :file, aliases: "-f", type: :string
+
+      def edit
+        set_credentials_env_from_argument!
+        super
+      end
+
+      def show
+        set_credentials_env_from_argument!
+        super
+      end
+
+      private
+
+      def set_credentials_env_from_argument!
+        extract_environment_option_from_argument
+
+        if options.file
+          RailsEnvCredentials.config_path = options.file
+        elsif available_environments.include?(options.environment)
+          RailsEnvCredentials.env = options[:environment]
+        else
+          raise "'#{options.environment}' environment is not found. Available: #{available_environments}"
+        end
+      end
+
+      def master_key_generator
+        require "rails/generators"
+        require "rails/generators/rails/master_key/master_key_generator"
+
+        key_path = RailsEnvCredentials.options[:key_path]
+        Rails::Generators::MasterKeyGenerator.const_set!(:MASTER_KEY_PATH, Pathname.new(key_path))
+        Rails::Generators::MasterKeyGenerator.new
+      end
+
+      def credentials_generator
+        require "rails/generators"
+        require "rails/generators/rails/credentials/credentials_generator"
+
+        Rails::Generators::CredentialsGenerator.prepend(RailsEnvCredentials::CredentialsOverwrite)
+        Rails::Generators::CredentialsGenerator.new
+      end
+    end
+  end
+end

data/lib/rails_env_credentials.rb

@@ -1,26 +1,32 @@
 # frozen_string_literal: true
 
-require "active_support/core_ext/module/delegation"
 require "rails"
-
-require "rails_env_credentials/configuration"
-require "rails_env_credentials/credentials_loading"
+require "rails_env_credentials/config"
+require "rails_env_credentials/credentials_overwrite"
 require "rails_env_credentials/railtie"
 require "rails_env_credentials/version"
 
 module RailsEnvCredentials
   class << self
-    delegate :credentials, :include_env?, :key_path, to: :config
+    def config_path=(path)
+      if path.end_with?('credentials.yml.enc')
+        env = 'production'
+      else
+        env = /-(\w+)\.yml\.enc\Z/.match(path).to_a[1]
+      end
+      @config = Config.new(env: env, config_path: path)
+    end
 
-    def configure
-      yield config
-      config.reload!
+    def env=(env)
+      @config = Config.new(env: env)
     end
 
-    private
+    def options
+      (@config || Config.new).to_options
+    end
 
-    def config
-      @config ||= Configuration.new
+    def credentials
+      ActiveSupport::EncryptedConfiguration.new(options)
     end
   end
 end

data/lib/rails_env_credentials/config.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module RailsEnvCredentials
+  class Config
+    attr_reader :env
+
+    def initialize(env: nil, config_path: nil)
+      @env = env.nil? ? Rails.env : ActiveSupport::StringInquirer.new(env)
+      @config_path = config_path
+    end
+
+    def to_options
+      env_key = env_suffix("RAILS_MASTER_KEY", "_").upcase
+      key_path = "config/#{env_suffix("master")}.key"
+
+      {
+        config_path: config_path,
+        env_key: env_key,
+        key_path: key_path,
+        raise_if_missing_key: false
+      }
+    end
+
+    private
+
+    def config_path
+      @config_path || "config/#{env_suffix("credentials")}.yml.enc"
+    end
+
+    def env_suffix(str, suffix = "-")
+      env.production? ? str : [str, suffix, env].join
+    end
+  end
+end

data/lib/rails_env_credentials/{credentials_loading.rb → credentials_overwrite.rb}

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module RailsEnvCredentials
-  module CredentialsLoading
+  module CredentialsOverwrite
     def credentials
       @credentials ||= RailsEnvCredentials.credentials
     end

data/lib/rails_env_credentials/railtie.rb

@@ -1,11 +1,9 @@
 # frozen_string_literal: true
 
-require "rails_env_credentials/credentials_loading"
-
 module RailsEnvCredentials
   class Railtie < ::Rails::Railtie
     initializer 'rails-env-credentials' do
-      Rails::Application.prepend(CredentialsLoading)
+      Rails::Application.prepend(CredentialsOverwrite)
     end
   end
 end

data/lib/rails_env_credentials/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RailsEnvCredentials
-  VERSION = "0.0.1"
+  VERSION = "0.1.0"
 end

data/rails-env-credentials.gemspec

@@ -10,8 +10,8 @@ Gem::Specification.new do |spec|
   spec.authors       = ["sinsoku"]
   spec.email         = ["sinsoku.listy@gmail.com"]
 
-  spec.summary       = "It enhances the credentials configuration configuration introduced by Rails v5.2.0"
-  spec.description   = "It enhances the credentials configuration configuration introduced by Rails v5.2.0"
+  spec.summary       = "It enhances the credentials configuration introduced by Rails v5.2.0"
+  spec.description   = "It enhances the credentials configuration introduced by Rails v5.2.0"
   spec.homepage      = "https://github.com/sinsoku/rails-env-credentials"
   spec.license       = "MIT"
 
@@ -22,8 +22,7 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  # TODO: Add a dependecy after the v5.2.0 releases
-  # spec.add_dependency "rails", ">= 5.2.0"
+  spec.add_dependency "rails", ">= 5.2.0.rc1"
 
   spec.add_development_dependency "bundler", "~> 1.16"
   spec.add_development_dependency "rake", "~> 10.0"

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: rails-env-credentials
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.1.0
 platform: ruby
 authors:
 - sinsoku
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-01-03 00:00:00.000000000 Z
+date: 2018-02-10 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.2.0.rc1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.2.0.rc1
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -52,8 +66,7 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
-description: It enhances the credentials configuration configuration introduced by
-  Rails v5.2.0
+description: It enhances the credentials configuration introduced by Rails v5.2.0
 email:
 - sinsoku.listy@gmail.com
 executables: []
@@ -65,20 +78,20 @@ files:
 - ".travis.yml"
 - CODE_OF_CONDUCT.md
 - Gemfile
-- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
 - bin/console
 - bin/setup
+- config/environments/development.rb
+- config/environments/production.rb
+- config/environments/staging.rb
+- config/environments/test.rb
 - lib/rails-env-credentials.rb
+- lib/rails/commands/env_credentials_command.rb
 - lib/rails_env_credentials.rb
-- lib/rails_env_credentials/command.rb
-- lib/rails_env_credentials/command/environment_loading.rb
-- lib/rails_env_credentials/command/master_key_path_reloading.rb
-- lib/rails_env_credentials/configuration.rb
-- lib/rails_env_credentials/credentials_loading.rb
-- lib/rails_env_credentials/encrypted_configuration.rb
+- lib/rails_env_credentials/config.rb
+- lib/rails_env_credentials/credentials_overwrite.rb
 - lib/rails_env_credentials/railtie.rb
 - lib/rails_env_credentials/version.rb
 - rails-env-credentials.gemspec
@@ -105,6 +118,5 @@ rubyforge_project:
 rubygems_version: 2.7.3
 signing_key: 
 specification_version: 4
-summary: It enhances the credentials configuration configuration introduced by Rails
-  v5.2.0
+summary: It enhances the credentials configuration introduced by Rails v5.2.0
 test_files: []

data/Gemfile.lock

@@ -1,143 +0,0 @@
-GIT
-  remote: https://github.com/rails/rails
-  revision: 921b877c2fd51cc0abdcf0ef6ca3528808047056
-  specs:
-    actioncable (5.2.0.beta2)
-      actionpack (= 5.2.0.beta2)
-      nio4r (~> 2.0)
-      websocket-driver (~> 0.6.1)
-    actionmailer (5.2.0.beta2)
-      actionpack (= 5.2.0.beta2)
-      actionview (= 5.2.0.beta2)
-      activejob (= 5.2.0.beta2)
-      mail (~> 2.5, >= 2.5.4)
-      rails-dom-testing (~> 2.0)
-    actionpack (5.2.0.beta2)
-      actionview (= 5.2.0.beta2)
-      activesupport (= 5.2.0.beta2)
-      rack (~> 2.0)
-      rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.0.beta2)
-      activesupport (= 5.2.0.beta2)
-      builder (~> 3.1)
-      erubi (~> 1.4)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.2.0.beta2)
-      activesupport (= 5.2.0.beta2)
-      globalid (>= 0.3.6)
-    activemodel (5.2.0.beta2)
-      activesupport (= 5.2.0.beta2)
-    activerecord (5.2.0.beta2)
-      activemodel (= 5.2.0.beta2)
-      activesupport (= 5.2.0.beta2)
-      arel (>= 9.0)
-    activestorage (5.2.0.beta2)
-      actionpack (= 5.2.0.beta2)
-      activerecord (= 5.2.0.beta2)
-    activesupport (5.2.0.beta2)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (~> 0.7)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    rails (5.2.0.beta2)
-      actioncable (= 5.2.0.beta2)
-      actionmailer (= 5.2.0.beta2)
-      actionpack (= 5.2.0.beta2)
-      actionview (= 5.2.0.beta2)
-      activejob (= 5.2.0.beta2)
-      activemodel (= 5.2.0.beta2)
-      activerecord (= 5.2.0.beta2)
-      activestorage (= 5.2.0.beta2)
-      activesupport (= 5.2.0.beta2)
-      bundler (>= 1.3.0)
-      railties (= 5.2.0.beta2)
-      sprockets-rails (>= 2.0.0)
-    railties (5.2.0.beta2)
-      actionpack (= 5.2.0.beta2)
-      activesupport (= 5.2.0.beta2)
-      method_source
-      rake (>= 0.8.7)
-      thor (>= 0.18.1, < 2.0)
-
-PATH
-  remote: .
-  specs:
-    rails-env-credentials (0.0.1)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    arel (9.0.0)
-    builder (3.2.3)
-    concurrent-ruby (1.0.5)
-    crass (1.0.3)
-    diff-lcs (1.3)
-    erubi (1.7.0)
-    globalid (0.4.1)
-      activesupport (>= 4.2.0)
-    i18n (0.9.1)
-      concurrent-ruby (~> 1.0)
-    loofah (2.1.1)
-      crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
-    mail (2.7.0)
-      mini_mime (>= 0.1.1)
-    method_source (0.9.0)
-    mini_mime (1.0.0)
-    mini_portile2 (2.3.0)
-    minitest (5.11.0)
-    nio4r (2.2.0)
-    nokogiri (1.8.1)
-      mini_portile2 (~> 2.3.0)
-    rack (2.0.3)
-    rack-test (0.8.2)
-      rack (>= 1.0, < 3)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
-      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.0.3)
-      loofah (~> 2.0)
-    rake (10.5.0)
-    rspec (3.7.0)
-      rspec-core (~> 3.7.0)
-      rspec-expectations (~> 3.7.0)
-      rspec-mocks (~> 3.7.0)
-    rspec-core (3.7.0)
-      rspec-support (~> 3.7.0)
-    rspec-expectations (3.7.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.7.0)
-    rspec-mocks (3.7.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.7.0)
-    rspec-support (3.7.0)
-    sprockets (3.7.1)
-      concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
-    sprockets-rails (3.2.1)
-      actionpack (>= 4.0)
-      activesupport (>= 4.0)
-      sprockets (>= 3.0.0)
-    thor (0.20.0)
-    thread_safe (0.3.6)
-    tzinfo (1.2.4)
-      thread_safe (~> 0.1)
-    websocket-driver (0.6.5)
-      websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.3)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  bundler (~> 1.16)
-  rails!
-  rails-env-credentials!
-  rake (~> 10.0)
-  rspec (~> 3.0)
-
-BUNDLED WITH
-   1.16.1

data/lib/rails_env_credentials/command.rb

@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-
-require "rails_env_credentials"
-require "rails_env_credentials/command/environment_loading"
-require "rails_env_credentials/command/master_key_path_reloading"
-
-# Allow environment argument in `credentials:edit` command
-require "rails/command"
-require "rails/commands/credentials/credentials_command"
-require "rails/command/environment_argument"
-Rails::Command::CredentialsCommand.include(Rails::Command::EnvironmentArgument)
-Rails::Command::CredentialsCommand.prepend(RailsEnvCredentials::EnvironmentLoading)
-
-# Reload master key path before use it
-require "rails/generators"
-require "rails/generators/rails/master_key/master_key_generator"
-Rails::Generators::MasterKeyGenerator.prepend(RailsEnvCredentials::MasterKeyPathReloading)
-
-# Use EnvCredentials instead of original credentials
-require "rails/generators/rails/credentials/credentials_generator"
-Rails::Generators::CredentialsGenerator.prepend(RailsEnvCredentials::CredentialsLoading)

data/lib/rails_env_credentials/command/environment_loading.rb

@@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-module RailsEnvCredentials
-  module EnvironmentLoading
-    def edit
-      extract_environment_option_from_argument
-      ENV["RAILS_ENV"] = options[:environment]
-      super
-    end
-
-    def show
-      extract_environment_option_from_argument
-      ENV["RAILS_ENV"] = options[:environment]
-      super
-    end
-  end
-end

data/lib/rails_env_credentials/command/master_key_path_reloading.rb

@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-
-module RailsEnvCredentials
-  module MasterKeyPathReloading
-    def add_master_key_file
-      self.class.send(:remove_const, :MASTER_KEY_PATH)
-      self.class.const_set(:MASTER_KEY_PATH, Pathname.new(RailsEnvCredentials.key_path))
-      super
-    end
-  end
-end

data/lib/rails_env_credentials/configuration.rb

@@ -1,56 +0,0 @@
-# frozen_string_literal: true
-
-require "rails_env_credentials/encrypted_configuration"
-
-module RailsEnvCredentials
-  class Configuration
-    attr_accessor :default
-    delegate :[], :fetch, to: :env_config
-    delegate_missing_to :env_config
-
-    def initialize
-      @default = {
-        config_path: "config/credentials.yml.enc",
-        key_path: "config/master.key",
-        env_key: "RAILS_MASTER_KEY",
-        require_master_key: false,
-        include_env: false
-      }
-    end
-
-    def credentials
-      EncryptedConfiguration.new(
-        config_path: Rails.root.join(current_config[:config_path]),
-        key_path: Rails.root.join(current_config[:key_path]),
-        env_key: current_config[:env_key],
-        raise_if_missing_key: current_config[:require_master_key]
-      )
-    end
-
-    def include_env?
-      current_config[:include_env]
-    end
-
-    def key_path
-      current_config[:key_path]
-    end
-
-    def reload!
-      @current_config = nil
-    end
-
-    private
-
-    def current_config
-      @current_config ||= default.merge(env_config[Rails.env])
-    end
-
-    def env_config
-      @env_config ||= ActiveSupport::InheritableOptions.new(
-        development: {},
-        test: {},
-        production: {}
-      )
-    end
-  end
-end

data/lib/rails_env_credentials/encrypted_configuration.rb

@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-require "active_support/encrypted_configuration"
-
-module RailsEnvCredentials
-  class EncryptedConfiguration < ActiveSupport::EncryptedConfiguration
-    def config
-      if RailsEnvCredentials.include_env?
-        super[Rails.env.to_sym] || {}
-      else
-        super
-      end
-    end
-  end
-end