rails_environment_credentials 0.0.1 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8831db67391191047589682a975a189698cf6ba971835a9057b3d9e308938b50
-  data.tar.gz: 7879944840d8771d97098524cb9792ea66049365cc3f92a7db75581f7bcc61e9
+  metadata.gz: c6e5fd661f637909b8425e534736c598f2966c940228fc65fa2de8b9b1102520
+  data.tar.gz: 776113ab4beef6d69866b8f1d5c7a32e670a5579b282f54424b25792334df84a
 SHA512:
-  metadata.gz: 7898632f7087e6e5b922c5b29c61e1410287efa114ec67512cc81caf9f6297149bb4243baf6b25b5e74f645334cc8eeaef5a2eda5a1c9f6679cd89a17bd6f7b2
-  data.tar.gz: ac3c92f5610a920d5c0b46f172a72fb75cf0e4a573e58b77277d5d5dba6cd92487f89307b208b73369a2dfbed3683eff383ee0bdbf50362439ebd2612c4d60a4
+  metadata.gz: 2bed86493a1351a91ace41e95ee5d90ba33acb77ea3974f685ffcf834947d3bfd65e4be421e4ed6aba0e6afe1d0cd6b07ddd871e299c4eff887da4ca3f24bde3
+  data.tar.gz: 327c2396d25b0fa9ae25f9a8b28760b56dfeb620bd19751adecf8c7edf0beafe226fd690a9c8f18d2cfef2e9f61aa3d226764f9ce38b64bcb04a03550db3d268

data/README.md

@@ -1 +1,52 @@
-# rails-environment-credentials
+# rails-environment-credentials
+
+This gem expands the capabilities of `Rails.application.credentials` to support many different environments, as well as multiple ways to load the key.
+
+By default, the credentials will be loaded from `config/credentials/#{Rails.env}.{yml.enc|.key}`, a different environment can be specified in the credentials config file.
+
+
+## Show/Edit Credentials
+
+`bin/rails env_creds:show\[some_special_environment\]`
+
+`bin/rails env_creds:edit\[some_special_environment\]`
+
+
+## Key Strategies
+
+### nil/none/rails
+This is the default strategy. Tthe key will be loaded the same way rails does it traditionally, by looking at the `RAILS_MASTER_KEY` environment variable, then from `config/credentials/some_environment.key`.
+
+### raw
+The key will be defined in the credentials config file.
+
+Example `config/credentials.yml`:
+```yaml
+key_strategy: raw
+key_strategy_options:
+  key: 123abc456def789
+```
+
+### azure_key_vault_managed_identity
+The key will be loaded from Azure Key Vault using an `access_token` from the VM's managed identity.
+
+Example `config/credentials.yml`:
+```yaml
+key_strategy: azure_key_vault_managed_identity
+key_strategy_options:
+  vault: some-key-vault
+  secret_name: some-environment-master-key
+```
+
+
+## Credentials Config File
+
+It is recommended to keep this file in `.gitignore`
+
+```yaml
+environment: some-special-environment # Which environment credentials to load: `config/credentials/some-special-environment.yml.enc`
+
+key_strategy: none|rails|raw|azure_key_vault_managed_identity # Which key strategy to use
+
+key_strategy_options: # The options for the chosen key strategy
+```

data/lib/rails_environment_credentials/key_strategies/none.rb

@@ -6,6 +6,8 @@ module RailsEnvironmentCredentials
     class None < Base; end
 
     add(nil, None)
+    add('none', None)
+    add('rails', None)
 
   end
 end

data/lib/rails_environment_credentials/key_strategies/raw.rb

@@ -6,7 +6,7 @@ module RailsEnvironmentCredentials
     class Raw < Base
 
       def key
-        Rails.application.config.credentials.raw_key
+        Rails.application.config.credentials.key_strategy_options['key']
       end
 
     end

data/lib/rails_environment_credentials/railtie.rb

@@ -0,0 +1,12 @@
+require 'rails'
+
+module RailsEnvironmentCredentials
+  class Railtie < Rails::Railtie
+    railtie_name :rails_environment_credentials
+
+    rake_tasks do
+      load 'tasks/credentials.rake'
+    end
+
+  end
+end

data/lib/rails_environment_credentials/version.rb

@@ -4,8 +4,8 @@ module RailsEnvironmentCredentials
 
   module Version
     MAJOR = 0
-    MINOR = 0
-    PATCH = 1
+    MINOR = 1
+    PATCH = 0
 
   end
 

data/lib/rails_environment_credentials.rb

@@ -10,6 +10,7 @@ require 'rails_environment_credentials/configuration'
 require 'rails_environment_credentials/encrypted_configuration'
 require 'rails_environment_credentials/encrypted_file'
 require 'rails_environment_credentials/key_strategies'
+require 'rails_environment_credentials/railtie'
 require 'rails_environment_credentials/version'
 
 Rails::Application::Configuration.send(:include, RailsEnvironmentCredentials::Configuration)

data/lib/tasks/credentials.rake

@@ -0,0 +1,26 @@
+namespace :env_creds do
+  task :show, [:environment] do |_, args|
+    env = args[:environment]
+    if env.blank?
+      system('bin/rails credentials:show')
+    else
+      env.downcase!
+      file = "config/credentials/#{env}.yml.enc"
+      key = "config/credentials/#{env}.key"
+      system("bin/rails encrypted:show #{file} -k #{key}")
+    end
+  end
+
+  task :edit, [:environment] do |_, args|
+    ENV['EDITOR'] += ' --wait' if ENV['EDITOR'].present? && (ENV['EDITOR'] == 'code' || ENV['EDITOR'].ends_with?('/code')) # Stupid fix for vscode exiting too quickly
+    env = args[:environment]
+    if env.blank?
+      system('bin/rails credentials:edit')
+    else
+      env.downcase!
+      file = "config/credentials/#{env}.yml.enc"
+      key = "config/credentials/#{env}.key"
+      system("bin/rails encrypted:edit #{file} -k #{key}")
+    end
+  end
+end

data/rails_environment_credentials.gemspec

@@ -3,7 +3,7 @@
 $LOAD_PATH << File.join(File.dirname(__FILE__), 'lib')
 require 'rails_environment_credentials/version'
 
-Gem::Specification.new do |s| # rubocop:disable Metrics/BlockLength
+Gem::Specification.new do |s|
   s.name        = 'rails_environment_credentials'
   s.version     = RailsEnvironmentCredentials::VERSION
   s.authors     = ['Taylor Yelverton']
@@ -29,4 +29,6 @@ Gem::Specification.new do |s| # rubocop:disable Metrics/BlockLength
 
   s.add_dependency('activesupport', '>= 5.0.0')
   s.add_dependency('railties', '>= 5.0.0')
+
+  s.add_dependency('httparty', '~> 0.16.2')
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails_environment_credentials
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.1.0
 platform: ruby
 authors:
 - Taylor Yelverton
@@ -38,6 +38,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 5.0.0
+- !ruby/object:Gem::Dependency
+  name: httparty
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.16.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.16.2
 description: Add support for different credentials for different environments to Rails
 email: rubygems@yelvert.io
 executables: []
@@ -55,7 +69,9 @@ files:
 - lib/rails_environment_credentials/key_strategies/base.rb
 - lib/rails_environment_credentials/key_strategies/none.rb
 - lib/rails_environment_credentials/key_strategies/raw.rb
+- lib/rails_environment_credentials/railtie.rb
 - lib/rails_environment_credentials/version.rb
+- lib/tasks/credentials.rake
 - rails_environment_credentials.gemspec
 homepage: https://github.com/ComplyMD/rails_environment_credentials
 licenses: