rails_environment_credentials 0.0.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8831db67391191047589682a975a189698cf6ba971835a9057b3d9e308938b50
4
- data.tar.gz: 7879944840d8771d97098524cb9792ea66049365cc3f92a7db75581f7bcc61e9
3
+ metadata.gz: b0bc50255d24f36f9dc4f8e78483ccbcd178923325ba62d7fc0701ff46280938
4
+ data.tar.gz: 4081b66804587ab5ac1e63eee66603b5865c997a5ce90e70ca34cf48ddd27020
5
5
  SHA512:
6
- metadata.gz: 7898632f7087e6e5b922c5b29c61e1410287efa114ec67512cc81caf9f6297149bb4243baf6b25b5e74f645334cc8eeaef5a2eda5a1c9f6679cd89a17bd6f7b2
7
- data.tar.gz: ac3c92f5610a920d5c0b46f172a72fb75cf0e4a573e58b77277d5d5dba6cd92487f89307b208b73369a2dfbed3683eff383ee0bdbf50362439ebd2612c4d60a4
6
+ metadata.gz: 8e4377e17b1d8b4a65c23c60523a69ece824829798f010cfabf51e75f542fa9b2e0fdd72f66aaccbaf9a6af627a26fc6f186e0c39cb4ac3cd550bb8446e59aee
7
+ data.tar.gz: 49206b1f962ae9ddfd370d054b0843f12b7ab70b217c8d51054f9d3c5fa26a52cf15721a3892dda81864dbebd6de4bef5df4a17572154877430e96f0c19da3e5
data/README.md CHANGED
@@ -1 +1,52 @@
1
- # rails-environment-credentials
1
+ # rails-environment-credentials
2
+
3
+ This gem expands the capabilities of `Rails.application.credentials` to support many different environments, as well as multiple ways to load the key.
4
+
5
+ By default, the credentials will be loaded from `config/credentials/#{Rails.env}.{yml.enc|.key}`, a different environment can be specified in the credentials config file.
6
+
7
+
8
+ ## Show/Edit Credentials
9
+
10
+ `bin/rails env_creds:show\[some_special_environment\]`
11
+
12
+ `bin/rails env_creds:edit\[some_special_environment\]`
13
+
14
+
15
+ ## Key Strategies
16
+
17
+ ### nil/none/rails
18
+ This is the default strategy. Tthe key will be loaded the same way rails does it traditionally, by looking at the `RAILS_MASTER_KEY` environment variable, then from `config/credentials/some_environment.key`.
19
+
20
+ ### raw
21
+ The key will be defined in the credentials config file.
22
+
23
+ Example `config/credentials.yml`:
24
+ ```yaml
25
+ key_strategy: raw
26
+ key_strategy_options:
27
+ key: 123abc456def789
28
+ ```
29
+
30
+ ### azure_key_vault_managed_identity
31
+ The key will be loaded from Azure Key Vault using an `access_token` from the VM's managed identity.
32
+
33
+ Example `config/credentials.yml`:
34
+ ```yaml
35
+ key_strategy: azure_key_vault_managed_identity
36
+ key_strategy_options:
37
+ vault: some-key-vault
38
+ secret_name: some-environment-master-key
39
+ ```
40
+
41
+
42
+ ## Credentials Config File
43
+
44
+ It is recommended to keep this file in `.gitignore`
45
+
46
+ ```yaml
47
+ environment: some-special-environment # Which environment credentials to load: `config/credentials/some-special-environment.yml.enc`
48
+
49
+ key_strategy: none|rails|raw|azure_key_vault_managed_identity # Which key strategy to use
50
+
51
+ key_strategy_options: # The options for the chosen key strategy
52
+ ```
@@ -1,6 +1,36 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module RailsEnvironmentCredentials
4
+ class CredentialsConfig < ActiveSupport::OrderedOptions
5
+
6
+ def environment
7
+ super || default_credentials_environment
8
+ end
9
+
10
+ def content_path
11
+ super || default_credentials_content_path
12
+ end
13
+
14
+ def key_path
15
+ super || default_credentials_key_path
16
+ end
17
+
18
+ private
19
+
20
+ def default_credentials_environment
21
+ ENV.fetch('RAILS_CREDENTIALS_ENV') { Rails.env }
22
+ end
23
+
24
+ def default_credentials_content_path
25
+ Rails.root.join('config', 'credentials', "#{environment}.yml.enc")
26
+ end
27
+
28
+ def default_credentials_key_path
29
+ Rails.root.join('config', 'credentials', "#{environment}.key")
30
+ end
31
+
32
+ end
33
+
4
34
  module Configuration
5
35
  extend ActiveSupport::Concern
6
36
 
@@ -10,11 +40,8 @@ module RailsEnvironmentCredentials
10
40
 
11
41
  def initialize(*)
12
42
  super
13
- @credentials = ActiveSupport::OrderedOptions.new
43
+ @credentials = CredentialsConfig.new
14
44
  @credentials.merge! credentials_config
15
- @credentials.environment ||= default_credentials_environment
16
- @credentials.content_path ||= default_credentials_content_path
17
- @credentials.key_path ||= default_credentials_key_path
18
45
  end
19
46
 
20
47
  private
@@ -24,17 +51,5 @@ module RailsEnvironmentCredentials
24
51
  @credentials_config ||= (path.exist? ? YAML.safe_load(path.read) : {}).symbolize_keys
25
52
  end
26
53
 
27
- def default_credentials_environment
28
- ENV.fetch('RAILS_CREDENTIALS_ENV') { Rails.env }
29
- end
30
-
31
- def default_credentials_content_path
32
- root.join('config', 'credentials', "#{credentials.environment}.yml.enc")
33
- end
34
-
35
- def default_credentials_key_path
36
- root.join('config', 'credentials', "#{credentials.environment}.key")
37
- end
38
-
39
54
  end
40
55
  end
@@ -6,6 +6,8 @@ module RailsEnvironmentCredentials
6
6
  class None < Base; end
7
7
 
8
8
  add(nil, None)
9
+ add('none', None)
10
+ add('rails', None)
9
11
 
10
12
  end
11
13
  end
@@ -6,7 +6,7 @@ module RailsEnvironmentCredentials
6
6
  class Raw < Base
7
7
 
8
8
  def key
9
- Rails.application.config.credentials.raw_key
9
+ Rails.application.config.credentials.key_strategy_options['key']
10
10
  end
11
11
 
12
12
  end
@@ -0,0 +1,12 @@
1
+ require 'rails'
2
+
3
+ module RailsEnvironmentCredentials
4
+ class Railtie < Rails::Railtie
5
+ railtie_name :rails_environment_credentials
6
+
7
+ rake_tasks do
8
+ load 'tasks/credentials.rake'
9
+ end
10
+
11
+ end
12
+ end
@@ -4,8 +4,8 @@ module RailsEnvironmentCredentials
4
4
 
5
5
  module Version
6
6
  MAJOR = 0
7
- MINOR = 0
8
- PATCH = 1
7
+ MINOR = 3
8
+ PATCH = 0
9
9
 
10
10
  end
11
11
 
@@ -10,6 +10,7 @@ require 'rails_environment_credentials/configuration'
10
10
  require 'rails_environment_credentials/encrypted_configuration'
11
11
  require 'rails_environment_credentials/encrypted_file'
12
12
  require 'rails_environment_credentials/key_strategies'
13
+ require 'rails_environment_credentials/railtie'
13
14
  require 'rails_environment_credentials/version'
14
15
 
15
16
  Rails::Application::Configuration.send(:include, RailsEnvironmentCredentials::Configuration)
@@ -0,0 +1,26 @@
1
+ namespace :env_creds do
2
+ task :show, [:environment] do |_, args|
3
+ env = args[:environment]
4
+ if env.blank?
5
+ system('bin/rails credentials:show')
6
+ else
7
+ env.downcase!
8
+ file = "config/credentials/#{env}.yml.enc"
9
+ key = "config/credentials/#{env}.key"
10
+ system("bin/rails encrypted:show #{file} -k #{key}")
11
+ end
12
+ end
13
+
14
+ task :edit, [:environment] do |_, args|
15
+ ENV['EDITOR'] += ' --wait' if ENV['EDITOR'].present? && (ENV['EDITOR'] == 'code' || ENV['EDITOR'].ends_with?('/code')) # Stupid fix for vscode exiting too quickly
16
+ env = args[:environment]
17
+ if env.blank?
18
+ system('bin/rails credentials:edit')
19
+ else
20
+ env.downcase!
21
+ file = "config/credentials/#{env}.yml.enc"
22
+ key = "config/credentials/#{env}.key"
23
+ system("bin/rails encrypted:edit #{file} -k #{key}")
24
+ end
25
+ end
26
+ end
@@ -3,7 +3,7 @@
3
3
  $LOAD_PATH << File.join(File.dirname(__FILE__), 'lib')
4
4
  require 'rails_environment_credentials/version'
5
5
 
6
- Gem::Specification.new do |s| # rubocop:disable Metrics/BlockLength
6
+ Gem::Specification.new do |s|
7
7
  s.name = 'rails_environment_credentials'
8
8
  s.version = RailsEnvironmentCredentials::VERSION
9
9
  s.authors = ['Taylor Yelverton']
@@ -29,4 +29,6 @@ Gem::Specification.new do |s| # rubocop:disable Metrics/BlockLength
29
29
 
30
30
  s.add_dependency('activesupport', '>= 5.0.0')
31
31
  s.add_dependency('railties', '>= 5.0.0')
32
+
33
+ s.add_dependency('httparty', '~> 0.17.0')
32
34
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rails_environment_credentials
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Taylor Yelverton
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-08-24 00:00:00.000000000 Z
11
+ date: 2022-09-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -38,6 +38,20 @@ dependencies:
38
38
  - - ">="
39
39
  - !ruby/object:Gem::Version
40
40
  version: 5.0.0
41
+ - !ruby/object:Gem::Dependency
42
+ name: httparty
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: 0.17.0
48
+ type: :runtime
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: 0.17.0
41
55
  description: Add support for different credentials for different environments to Rails
42
56
  email: rubygems@yelvert.io
43
57
  executables: []
@@ -55,7 +69,9 @@ files:
55
69
  - lib/rails_environment_credentials/key_strategies/base.rb
56
70
  - lib/rails_environment_credentials/key_strategies/none.rb
57
71
  - lib/rails_environment_credentials/key_strategies/raw.rb
72
+ - lib/rails_environment_credentials/railtie.rb
58
73
  - lib/rails_environment_credentials/version.rb
74
+ - lib/tasks/credentials.rake
59
75
  - rails_environment_credentials.gemspec
60
76
  homepage: https://github.com/ComplyMD/rails_environment_credentials
61
77
  licenses: