RubyGems - rails_environment_credentials - Versions diffs - 0.0.1 - Mend

rails_environment_credentials 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

checksums.yaml +7 -0
data/README.md +1 -0
data/lib/rails_environment_credentials/application.rb +34 -0
data/lib/rails_environment_credentials/configuration.rb +40 -0
data/lib/rails_environment_credentials/encrypted_configuration.rb +14 -0
data/lib/rails_environment_credentials/encrypted_file.rb +22 -0
data/lib/rails_environment_credentials/key_strategies/azure_key_vault_managed_identity.rb +73 -0
data/lib/rails_environment_credentials/key_strategies/base.rb +18 -0
data/lib/rails_environment_credentials/key_strategies/none.rb +11 -0
data/lib/rails_environment_credentials/key_strategies/raw.rb +17 -0
data/lib/rails_environment_credentials/key_strategies.rb +26 -0
data/lib/rails_environment_credentials/version.rb +18 -0
data/lib/rails_environment_credentials.rb +18 -0
data/rails_environment_credentials.gemspec +32 -0
metadata +89 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 8831db67391191047589682a975a189698cf6ba971835a9057b3d9e308938b50
+  data.tar.gz: 7879944840d8771d97098524cb9792ea66049365cc3f92a7db75581f7bcc61e9
+SHA512:
+  metadata.gz: 7898632f7087e6e5b922c5b29c61e1410287efa114ec67512cc81caf9f6297149bb4243baf6b25b5e74f645334cc8eeaef5a2eda5a1c9f6679cd89a17bd6f7b2
+  data.tar.gz: ac3c92f5610a920d5c0b46f172a72fb75cf0e4a573e58b77277d5d5dba6cd92487f89307b208b73369a2dfbed3683eff383ee0bdbf50362439ebd2612c4d60a4

data/README.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # rails-environment-credentials

data/lib/rails_environment_credentials/application.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+module RailsEnvironmentCredentials
+  module Application
+    extend ActiveSupport::Concern
+    included do
+      def credentials
+        @credentials ||= encrypted(config.credentials.content_path, key_path: config.credentials.key_path, key: credentials_key)
+      end
+      def encrypted(path, key_path: 'config/master.key', env_key: 'RAILS_MASTER_KEY', key: nil)
+        ActiveSupport::EncryptedConfiguration.new(
+          config_path: Rails.root.join(path),
+          key_path: Rails.root.join(key_path),
+          env_key: env_key,
+          key: key,
+          raise_if_missing_key: config.require_master_key
+        )
+      end
+    end
+    def credentials_key_strategy
+      @credentials_key_strategy ||= RailsEnvironmentCredentials::KeyStrategies.
+        get(config.credentials.key_strategy).
+        new(config.credentials.key_strategy_options)
+    end
+    def credentials_key
+      @credentials_key ||= credentials_key_strategy.key
+    end
+  end
+end

data/lib/rails_environment_credentials/configuration.rb ADDED Viewed

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+module RailsEnvironmentCredentials
+  module Configuration
+    extend ActiveSupport::Concern
+    included do
+      attr_accessor :credentials
+    end
+    def initialize(*)
+      super
+      @credentials = ActiveSupport::OrderedOptions.new
+      @credentials.merge! credentials_config
+      @credentials.environment ||= default_credentials_environment
+      @credentials.content_path ||= default_credentials_content_path
+      @credentials.key_path ||= default_credentials_key_path
+    end
+    private
+      def credentials_config
+        path = root.join('config/credentials.yml')
+        @credentials_config ||= (path.exist? ? YAML.safe_load(path.read) : {}).symbolize_keys
+      end
+      def default_credentials_environment
+        ENV.fetch('RAILS_CREDENTIALS_ENV') { Rails.env }
+      end
+      def default_credentials_content_path
+        root.join('config', 'credentials', "#{credentials.environment}.yml.enc")
+      end
+      def default_credentials_key_path
+        root.join('config', 'credentials', "#{credentials.environment}.key")
+      end
+  end
+end

data/lib/rails_environment_credentials/encrypted_configuration.rb ADDED Viewed

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+module RailsEnvironmentCredentials
+  module EncryptedConfiguration
+    extend ActiveSupport::Concern
+    included do
+      def initialize(config_path:, key_path:, env_key:, raise_if_missing_key:, key: nil)
+        super(content_path: config_path, key_path: key_path, env_key: env_key, raise_if_missing_key: raise_if_missing_key, key: key)
+      end
+    end
+  end
+end

data/lib/rails_environment_credentials/encrypted_file.rb ADDED Viewed

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+module RailsEnvironmentCredentials
+  module EncryptedFile
+    extend ActiveSupport::Concern
+    included do
+      def initialize(content_path:, key_path:, env_key:, raise_if_missing_key:, key: nil)
+        @content_path = Pathname.new(content_path)
+        @key_path = Pathname.new(key_path)
+        @env_key = env_key
+        @raise_if_missing_key = raise_if_missing_key
+        @key = key unless key.nil?
+      end
+      def key
+        @key || read_env_key || read_key_file || handle_missing_key
+      end
+    end
+  end
+end

data/lib/rails_environment_credentials/key_strategies/azure_key_vault_managed_identity.rb ADDED Viewed

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+module RailsEnvironmentCredentials
+  module KeyStrategies
+    class AzureKeyVaultManagedIdentity < Base
+      def access_token
+        response = HTTParty.get( # rubocop:disable Style/RescueModifier
+          'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net',
+          {
+            headers: { Metadata: 'true' },
+            timeout: 1,
+            open_timeout: 1,
+            read_timeout: 1,
+          }
+        ) rescue nil
+        raise 'CredentialsKeyStrategy AzureKeyVaultManagedIdentity access_token: unable to get' unless response
+        raise 'CredentialsKeyStrategy AzureKeyVaultManagedIdentity access_token: unable to parse response' unless response.parsed_response.is_a?(Hash)
+        token = response.parsed_response['access_token']
+        raise 'CredentialsKeyStrategy AzureKeyVaultManagedIdentity access_token: fetch failed' unless token.present?
+        token
+      end
+      def vault_url
+        @vault_url ||= if options.key?(:vault_url)
+                         options[:vault_url]
+                       elsif options[:vault]
+                         "https://#{options[:vault]}.vault.azure.net/"
+                       else
+                         raise 'CredentialsKeyStrategy AzureKeyVaultManagedIdentity vault_url: must supply either vault or vault_url'
+                       end
+      end
+      def secret_name
+        @secret_name ||= if options.key?(:secret_name)
+                           options[:secret_name]
+                         else
+                           raise 'CredentialsKeyStrategy AzureKeyVaultManagedIdentity secret_name: must supply secret_name'
+                         end
+      end
+      def secret_url
+        @secret_url ||= if options.key?(:secret_url)
+                          options[:secret_url]
+                        else
+                          "#{vault_url}/secrets/#{secret_name}?api-version=2016-10-01"
+                        end
+      end
+      def key
+        response = HTTParty.get( # rubocop:disable Style/RescueModifier
+          secret_url,
+          {
+            headers: { Authorization: "Bearer #{access_token}" },
+            timeout: 1,
+            open_timeout: 1,
+            read_timeout: 1,
+          }
+        ) rescue nil
+        raise 'CredentialsKeyStrategy AzureKeyVaultManagedIdentity key: unable to get secret' unless response
+        raise 'CredentialsKeyStrategy AzureKeyVaultManagedIdentity key: unable to parse response' unless response.parsed_response.is_a?(Hash)
+        secret = response.parsed_response['value']
+        raise 'CredentialsKeyStrategy AzureKeyVaultManagedIdentity key: fetch failed' unless secret.present?
+        secret
+      end
+    end
+    add(:azure_key_vault_managed_identity, AzureKeyVaultManagedIdentity)
+  end
+end

data/lib/rails_environment_credentials/key_strategies/base.rb ADDED Viewed

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+module RailsEnvironmentCredentials
+  module KeyStrategies
+    class Base
+      attr_reader :options
+      def initialize(opts = {})
+        @options = (opts || {}).with_indifferent_access
+      end
+      def key
+        nil
+      end
+    end
+  end
+end

data/lib/rails_environment_credentials/key_strategies/none.rb ADDED Viewed

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+module RailsEnvironmentCredentials
+  module KeyStrategies
+    class None < Base; end
+    add(nil, None)
+  end
+end

data/lib/rails_environment_credentials/key_strategies/raw.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module RailsEnvironmentCredentials
+  module KeyStrategies
+    class Raw < Base
+      def key
+        Rails.application.config.credentials.raw_key
+      end
+    end
+    add(:raw, Raw)
+  end
+end

data/lib/rails_environment_credentials/key_strategies.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+module RailsEnvironmentCredentials
+  module KeyStrategies
+    @map = {}.with_indifferent_access
+    class << self
+      attr_reader :map
+      def get(strategy)
+        map[strategy] || raise("CredentialsKeyStrategy unknown strategy: #{strategy}")
+      end
+      def add(name, klass)
+        map[name] = klass
+      end
+    end
+  end
+end
+require 'rails_environment_credentials/key_strategies/base'
+require 'rails_environment_credentials/key_strategies/none'
+require 'rails_environment_credentials/key_strategies/raw'
+require 'rails_environment_credentials/key_strategies/azure_key_vault_managed_identity'

data/lib/rails_environment_credentials/version.rb ADDED Viewed

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+module RailsEnvironmentCredentials
+  module Version
+    MAJOR = 0
+    MINOR = 0
+    PATCH = 1
+  end
+  VERSION = [
+    Version::MAJOR,
+    Version::MINOR,
+    Version::PATCH,
+  ].join('.').freeze
+end

data/lib/rails_environment_credentials.rb ADDED Viewed

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+# Container Module
+module RailsEnvironmentCredentials; end
+require 'active_support/concern'
+require 'rails_environment_credentials/application'
+require 'rails_environment_credentials/configuration'
+require 'rails_environment_credentials/encrypted_configuration'
+require 'rails_environment_credentials/encrypted_file'
+require 'rails_environment_credentials/key_strategies'
+require 'rails_environment_credentials/version'
+Rails::Application::Configuration.send(:include, RailsEnvironmentCredentials::Configuration)
+Rails::Application.send(:include, RailsEnvironmentCredentials::Application)
+ActiveSupport::EncryptedConfiguration.send(:include, RailsEnvironmentCredentials::EncryptedConfiguration)
+ActiveSupport::EncryptedFile.send(:include, RailsEnvironmentCredentials::EncryptedFile)

data/rails_environment_credentials.gemspec ADDED Viewed

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+$LOAD_PATH << File.join(File.dirname(__FILE__), 'lib')
+require 'rails_environment_credentials/version'
+Gem::Specification.new do |s| # rubocop:disable Metrics/BlockLength
+  s.name        = 'rails_environment_credentials'
+  s.version     = RailsEnvironmentCredentials::VERSION
+  s.authors     = ['Taylor Yelverton']
+  s.email       = 'rubygems@yelvert.io'
+  s.homepage    = 'https://github.com/ComplyMD/rails_environment_credentials'
+  s.summary     = 'Add support for different credentials for different environments to Rails'
+  s.license     = 'MIT'
+  s.description = 'Add support for different credentials for different environments to Rails'
+  s.metadata    = {
+    'bug_tracker_uri' => 'https://github.com/ComplyMD/rails_environment_credentials/issues',
+    'changelog_uri' => 'https://github.com/ComplyMD/rails_environment_credentials/commits/master',
+    'documentation_uri' => 'https://github.com/ComplyMD/rails_environment_credentials/wiki',
+    'homepage_uri' => 'https://github.com/ComplyMD/rails_environment_credentials',
+    'source_code_uri' => 'https://github.com/ComplyMD/rails_environment_credentials',
+    'rubygems_mfa_required' => 'true',
+  }
+  s.files = Dir['lib/**/*','README.md','MIT-LICENSE','rails_environment_credentials.gemspec']
+  s.require_paths = %w[ lib ]
+  s.required_ruby_version = '>= 2.7.0'
+  s.add_dependency('activesupport', '>= 5.0.0')
+  s.add_dependency('railties', '>= 5.0.0')
+end

metadata ADDED Viewed

@@ -0,0 +1,89 @@
+--- !ruby/object:Gem::Specification
+name: rails_environment_credentials
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Taylor Yelverton
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2022-08-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+- !ruby/object:Gem::Dependency
+  name: railties
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+description: Add support for different credentials for different environments to Rails
+email: rubygems@yelvert.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- lib/rails_environment_credentials.rb
+- lib/rails_environment_credentials/application.rb
+- lib/rails_environment_credentials/configuration.rb
+- lib/rails_environment_credentials/encrypted_configuration.rb
+- lib/rails_environment_credentials/encrypted_file.rb
+- lib/rails_environment_credentials/key_strategies.rb
+- lib/rails_environment_credentials/key_strategies/azure_key_vault_managed_identity.rb
+- lib/rails_environment_credentials/key_strategies/base.rb
+- lib/rails_environment_credentials/key_strategies/none.rb
+- lib/rails_environment_credentials/key_strategies/raw.rb
+- lib/rails_environment_credentials/version.rb
+- rails_environment_credentials.gemspec
+homepage: https://github.com/ComplyMD/rails_environment_credentials
+licenses:
+- MIT
+metadata:
+  bug_tracker_uri: https://github.com/ComplyMD/rails_environment_credentials/issues
+  changelog_uri: https://github.com/ComplyMD/rails_environment_credentials/commits/master
+  documentation_uri: https://github.com/ComplyMD/rails_environment_credentials/wiki
+  homepage_uri: https://github.com/ComplyMD/rails_environment_credentials
+  source_code_uri: https://github.com/ComplyMD/rails_environment_credentials
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.4
+signing_key:
+specification_version: 4
+summary: Add support for different credentials for different environments to Rails
+test_files: []