rails_environment_credentials 0.0.1 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8831db67391191047589682a975a189698cf6ba971835a9057b3d9e308938b50
-  data.tar.gz: 7879944840d8771d97098524cb9792ea66049365cc3f92a7db75581f7bcc61e9
+  metadata.gz: b0bc50255d24f36f9dc4f8e78483ccbcd178923325ba62d7fc0701ff46280938
+  data.tar.gz: 4081b66804587ab5ac1e63eee66603b5865c997a5ce90e70ca34cf48ddd27020
 SHA512:
-  metadata.gz: 7898632f7087e6e5b922c5b29c61e1410287efa114ec67512cc81caf9f6297149bb4243baf6b25b5e74f645334cc8eeaef5a2eda5a1c9f6679cd89a17bd6f7b2
-  data.tar.gz: ac3c92f5610a920d5c0b46f172a72fb75cf0e4a573e58b77277d5d5dba6cd92487f89307b208b73369a2dfbed3683eff383ee0bdbf50362439ebd2612c4d60a4
+  metadata.gz: 8e4377e17b1d8b4a65c23c60523a69ece824829798f010cfabf51e75f542fa9b2e0fdd72f66aaccbaf9a6af627a26fc6f186e0c39cb4ac3cd550bb8446e59aee
+  data.tar.gz: 49206b1f962ae9ddfd370d054b0843f12b7ab70b217c8d51054f9d3c5fa26a52cf15721a3892dda81864dbebd6de4bef5df4a17572154877430e96f0c19da3e5

data/README.md

@@ -1 +1,52 @@
-# rails-environment-credentials
+# rails-environment-credentials
+
+This gem expands the capabilities of `Rails.application.credentials` to support many different environments, as well as multiple ways to load the key.
+
+By default, the credentials will be loaded from `config/credentials/#{Rails.env}.{yml.enc|.key}`, a different environment can be specified in the credentials config file.
+
+
+## Show/Edit Credentials
+
+`bin/rails env_creds:show\[some_special_environment\]`
+
+`bin/rails env_creds:edit\[some_special_environment\]`
+
+
+## Key Strategies
+
+### nil/none/rails
+This is the default strategy. Tthe key will be loaded the same way rails does it traditionally, by looking at the `RAILS_MASTER_KEY` environment variable, then from `config/credentials/some_environment.key`.
+
+### raw
+The key will be defined in the credentials config file.
+
+Example `config/credentials.yml`:
+```yaml
+key_strategy: raw
+key_strategy_options:
+  key: 123abc456def789
+```
+
+### azure_key_vault_managed_identity
+The key will be loaded from Azure Key Vault using an `access_token` from the VM's managed identity.
+
+Example `config/credentials.yml`:
+```yaml
+key_strategy: azure_key_vault_managed_identity
+key_strategy_options:
+  vault: some-key-vault
+  secret_name: some-environment-master-key
+```
+
+
+## Credentials Config File
+
+It is recommended to keep this file in `.gitignore`
+
+```yaml
+environment: some-special-environment # Which environment credentials to load: `config/credentials/some-special-environment.yml.enc`
+
+key_strategy: none|rails|raw|azure_key_vault_managed_identity # Which key strategy to use
+
+key_strategy_options: # The options for the chosen key strategy
+```

data/lib/rails_environment_credentials/configuration.rb

@@ -1,6 +1,36 @@
 # frozen_string_literal: true
 
 module RailsEnvironmentCredentials
+  class CredentialsConfig < ActiveSupport::OrderedOptions
+
+    def environment
+      super || default_credentials_environment
+    end
+
+    def content_path
+      super || default_credentials_content_path
+    end
+
+    def key_path
+      super || default_credentials_key_path
+    end
+
+    private
+
+      def default_credentials_environment
+        ENV.fetch('RAILS_CREDENTIALS_ENV') { Rails.env }
+      end
+
+      def default_credentials_content_path
+        Rails.root.join('config', 'credentials', "#{environment}.yml.enc")
+      end
+
+      def default_credentials_key_path
+        Rails.root.join('config', 'credentials', "#{environment}.key")
+      end
+
+  end
+
   module Configuration
     extend ActiveSupport::Concern
 
@@ -10,11 +40,8 @@ module RailsEnvironmentCredentials
 
     def initialize(*)
       super
-      @credentials = ActiveSupport::OrderedOptions.new
+      @credentials = CredentialsConfig.new
       @credentials.merge! credentials_config
-      @credentials.environment ||= default_credentials_environment
-      @credentials.content_path ||= default_credentials_content_path
-      @credentials.key_path ||= default_credentials_key_path
     end
 
     private
@@ -24,17 +51,5 @@ module RailsEnvironmentCredentials
         @credentials_config ||= (path.exist? ? YAML.safe_load(path.read) : {}).symbolize_keys
       end
 
-      def default_credentials_environment
-        ENV.fetch('RAILS_CREDENTIALS_ENV') { Rails.env }
-      end
-
-      def default_credentials_content_path
-        root.join('config', 'credentials', "#{credentials.environment}.yml.enc")
-      end
-
-      def default_credentials_key_path
-        root.join('config', 'credentials', "#{credentials.environment}.key")
-      end
-
   end
 end

data/lib/rails_environment_credentials/key_strategies/none.rb

@@ -6,6 +6,8 @@ module RailsEnvironmentCredentials
     class None < Base; end
 
     add(nil, None)
+    add('none', None)
+    add('rails', None)
 
   end
 end

data/lib/rails_environment_credentials/key_strategies/raw.rb

@@ -6,7 +6,7 @@ module RailsEnvironmentCredentials
     class Raw < Base
 
       def key
-        Rails.application.config.credentials.raw_key
+        Rails.application.config.credentials.key_strategy_options['key']
       end
 
     end

data/lib/rails_environment_credentials/railtie.rb

@@ -0,0 +1,12 @@
+require 'rails'
+
+module RailsEnvironmentCredentials
+  class Railtie < Rails::Railtie
+    railtie_name :rails_environment_credentials
+
+    rake_tasks do
+      load 'tasks/credentials.rake'
+    end
+
+  end
+end

data/lib/rails_environment_credentials/version.rb

@@ -4,8 +4,8 @@ module RailsEnvironmentCredentials
 
   module Version
     MAJOR = 0
-    MINOR = 0
-    PATCH = 1
+    MINOR = 3
+    PATCH = 0
 
   end
 

data/lib/rails_environment_credentials.rb

@@ -10,6 +10,7 @@ require 'rails_environment_credentials/configuration'
 require 'rails_environment_credentials/encrypted_configuration'
 require 'rails_environment_credentials/encrypted_file'
 require 'rails_environment_credentials/key_strategies'
+require 'rails_environment_credentials/railtie'
 require 'rails_environment_credentials/version'
 
 Rails::Application::Configuration.send(:include, RailsEnvironmentCredentials::Configuration)

data/lib/tasks/credentials.rake

@@ -0,0 +1,26 @@
+namespace :env_creds do
+  task :show, [:environment] do |_, args|
+    env = args[:environment]
+    if env.blank?
+      system('bin/rails credentials:show')
+    else
+      env.downcase!
+      file = "config/credentials/#{env}.yml.enc"
+      key = "config/credentials/#{env}.key"
+      system("bin/rails encrypted:show #{file} -k #{key}")
+    end
+  end
+
+  task :edit, [:environment] do |_, args|
+    ENV['EDITOR'] += ' --wait' if ENV['EDITOR'].present? && (ENV['EDITOR'] == 'code' || ENV['EDITOR'].ends_with?('/code')) # Stupid fix for vscode exiting too quickly
+    env = args[:environment]
+    if env.blank?
+      system('bin/rails credentials:edit')
+    else
+      env.downcase!
+      file = "config/credentials/#{env}.yml.enc"
+      key = "config/credentials/#{env}.key"
+      system("bin/rails encrypted:edit #{file} -k #{key}")
+    end
+  end
+end

data/rails_environment_credentials.gemspec

@@ -3,7 +3,7 @@
 $LOAD_PATH << File.join(File.dirname(__FILE__), 'lib')
 require 'rails_environment_credentials/version'
 
-Gem::Specification.new do |s| # rubocop:disable Metrics/BlockLength
+Gem::Specification.new do |s|
   s.name        = 'rails_environment_credentials'
   s.version     = RailsEnvironmentCredentials::VERSION
   s.authors     = ['Taylor Yelverton']
@@ -29,4 +29,6 @@ Gem::Specification.new do |s| # rubocop:disable Metrics/BlockLength
 
   s.add_dependency('activesupport', '>= 5.0.0')
   s.add_dependency('railties', '>= 5.0.0')
+
+  s.add_dependency('httparty', '~> 0.17.0')
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails_environment_credentials
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.3.0
 platform: ruby
 authors:
 - Taylor Yelverton
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-08-24 00:00:00.000000000 Z
+date: 2022-09-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -38,6 +38,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 5.0.0
+- !ruby/object:Gem::Dependency
+  name: httparty
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.17.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.17.0
 description: Add support for different credentials for different environments to Rails
 email: rubygems@yelvert.io
 executables: []
@@ -55,7 +69,9 @@ files:
 - lib/rails_environment_credentials/key_strategies/base.rb
 - lib/rails_environment_credentials/key_strategies/none.rb
 - lib/rails_environment_credentials/key_strategies/raw.rb
+- lib/rails_environment_credentials/railtie.rb
 - lib/rails_environment_credentials/version.rb
+- lib/tasks/credentials.rake
 - rails_environment_credentials.gemspec
 homepage: https://github.com/ComplyMD/rails_environment_credentials
 licenses: