rails_key_rotator 0.1.2 → 0.2.0

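--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 1c3890118c4df957ca79c8cf21823a86cea1061c91fb0a541bb7370432c68e3c
- data.tar.gz: c8f4bf343b83f3581b4a51e8cce589d7fcf075ca4f89dd7a2441caea31c32d3f
+ metadata.gz: f84724ed7fe7912f91c8b7af53830ca4c40e009cda1a5f043742b4bc458dad3a
+ data.tar.gz: dfe5ff6f821255b4ea655a148dd0a4f95fc5826223962188b7e8cda33ab6e77d
  SHA512:
- metadata.gz: 6fe025cb0f8f31142616bd1d627e745d357d3bd4ee72700713b6ed58060938d4dfc93b483812c02db791e50ad5d838b9d1168058bde846641539b6542c147f63
- data.tar.gz: 41a0e25df4a51da37f380f4ba9ca5dd80db6a999a26138792350213c637cde584dc16a85421bd35efd73f8139d907bf5f672834065c09d988c4fd0ae4dce7997
+ metadata.gz: 9078bc0711fa537185f7acb8fec193dd49afa3dd11c65d013667885234dd8181e633696b1e5cc508e31ac1424637f861b0a36656190a84be2659679c71cfbbc7
+ data.tar.gz: 7591f74ea9d7b724d23b1473cdc532c6913172ccdcc58c4f88f051ae778b8b736804309d1922f65a137150720daae7f20b31bf4192452e947fc454533b5de211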
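--- a/data/.projections.json
+++ b/data/.projections.json
@@ -0,0 +1,3 @@
+ {
+ "lib/*.rb": { "alternate": "spec/{}_spec.rb" }
+ }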
data/.rubocop.yml CHANGED
@@ -3,6 +3,9 @@ require:
3
3
  inherit_gem:
4
4
  standard: config/base.yml
5
5
 
6
+ AllCops:
7
+ TargetRubyVersion: 2.6
8
+
6
9
  Gemspec/DependencyVersion:
7
10
  Enabled: true
8
11
  Gemspec/DeprecatedAttributeAssignment:
@@ -0,0 +1,5 @@
1
+ {
2
+ "recommendations": [
3
+ "testdouble.vscode-alternate-alternate-file"
4
+ ]
5
+ }
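--- a/data/README.md
+++ b/data/README.md
@@ -15,28 +15,17 @@ If bundler is not being used to manage dependencies, install the gem by executin
  > _*⚠️ !!! WARNING !!! ⚠️*_
  > _*⚠️ DON'T FORGET TO HANDOUT THE NEW KEY TO YOUR COLLEAGUES! ⚠️*_
 
- 1. First create a new key w/ `dip rails runner "puts ActiveSupport::EncryptedConfiguration.generate_key"` and deploy this in `RAILS_MASTER_KEY_NEW` on the targeted infrastructure.
-
- 2. While waiting on deploying this variable, create a new encrypted file:
-
- ```shell
- # Copy the output current credentials
- dip credentials show -e development
- # Backup current credentials
- mv -i config/credentials/development.yml.enc config/credentials/development.yml.enc.bak-$(date "+%Y-%m-%d-%H%M")
- # Backup current key
- mv -i config/credentials/development.key config/credentials/development.key.bak-$(date "+%Y-%m-%d-%H%M")
- # Save the new key into file
- echo d92599b046b58ab2d4158212e6d27162 > config/credentials/development.key
- # Create new credentials file w/
- dip credentials -e development
- # Verify content
- dip credentials show -e development
- ```
-
- 3. Commit to Github and deploy new encrypted file.
-
- 4. After a while when everything is back in sync replace `RAILS_MASTER_KEY` w/ the new key and delete `RAILS_MASTER_KEY_NEW`
+ 1. run the rake taks
+
+ bundle rake key_rotator:rotate
+
+ This will backup current key / credentials, create a new key and saves encrypts the credentails w/ this new key
+
+ 1. Deploying this variable as an env `RAILS_MASTER_KEY_NEW`
+
+ 1. Commit and deploy new encrypted file.
+
+ 1. After a while when everything is back in sync replace `RAILS_MASTER_KEY` w/ the new key and delete `RAILS_MASTER_KEY_NEW`
 
  ### Process
 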
data/Rakefile CHANGED
@@ -8,3 +8,10 @@ RSpec::Core::RakeTask.new(:spec)
8
8
  require "standard/rake"
9
9
 
10
10
  task default: %i[spec standard]
11
+
12
+ desc "Show RailsKeyRotator version"
13
+ task :version do
14
+ puts RailsKeyRotator::VERSION
15
+ end
16
+
17
+ Dir.glob("lib/tasks/*.rake").each { |r| import r }
@@ -5,7 +5,10 @@ require "rails"
5
5
  module RailsKeyRotator
6
6
  class Railtie < Rails::Railtie
7
7
  config.before_initialize do
8
- KeyRotator.call
8
+ KeyRotator.rotated?
9
+ end
10
+ rake_tasks do
11
+ load "lib/tasks/key_rotator.rake"
9
12
  end
10
13
  end
11
14
  end
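Review bot: The `load "lib/tasks/key_rotator.rake"` call added inside `rake_tasks` is not anchored to the gem's own directory. Kernel#load looks a bare relative name up in `$LOAD_PATH` and then falls back to the current working directory, so in a host application this most likely either raises LoadError or executes whatever `lib/tasks/key_rotator.rake` exists in the application's tree rather than the file shipped with the gem. Resolving it relative to this file avoids both: `load File.expand_path("../tasks/key_rotator.rake", __dir__)`. The file header for this hunk is missing from the page; the files list in the gem metadata suggests it is lib/rails_key_rotator/railtie.rb.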
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module RailsKeyRotator
4
- VERSION = "0.1.2"
4
+ VERSION = "0.2.0"
5
5
  end
@@ -9,9 +9,9 @@ require "rails_key_rotator/railtie" if defined?(Rails)
9
9
 
10
10
  module RailsKeyRotator
11
11
  class Error < StandardError; end
12
- # Your code goes here...
12
+
13
13
  class << self
14
- def call
14
+ def rotated?
15
15
  return if ENV["RAILS_MASTER_KEY"].blank?
16
16
 
17
17
  if ENV.fetch("RAILS_MASTER_KEY_NEW", false)
@@ -24,23 +24,39 @@ module RailsKeyRotator
24
24
  end
25
25
  end
26
26
 
27
+ def rotate
28
+ decrypted = read(credentials_path) # Decrypt current credentials
29
+ backup_file(key_path) # Backup key
30
+ backup_file(credentials_path) # Backup credentials
31
+ File.write(key_path, new_key) # Save new key
32
+ write(decrypted) # Save new credentials
33
+ end
34
+
35
+ def credentials_path
36
+ File.join(root, "config", "credentials", "#{env}.yml.enc")
37
+ end
38
+
39
+ def key_path
40
+ File.join(root, "config", "credentials", "#{env}.key")
41
+ end
42
+
27
43
  private
28
44
 
45
+ def root
46
+ defined?(Rails) ? Rails.root : Dir.pwd
47
+ end
48
+
29
49
  def can_read_credentials!
30
50
  ActiveSupport::EncryptedConfiguration.new(
31
- config_path: credential_path,
51
+ config_path: credentials_path,
32
52
  env_key: "RAILS_MASTER_KEY_NEW",
33
- key_path: "",
53
+ key_path: key_path,
34
54
  raise_if_missing_key: true
35
55
  ).read
36
56
  rescue ActiveSupport::MessageEncryptor::InvalidMessage
37
57
  false
38
58
  end
39
59
 
40
- def credential_path
41
- Rails.root.join("config/credentials/#{env}.yml.enc")
42
- end
43
-
44
60
  def say(message)
45
61
  warn "\e[41;37;1m\n\n\tKeyRotator: Using #{message} for #{env} env\n\e[0m"
46
62
  end
@@ -48,5 +64,35 @@ module RailsKeyRotator
48
64
  def env
49
65
  defined?(Rails) ? Rails.env : (ENV["RAILS_ENV"] || "test")
50
66
  end
67
+
68
+ def date
69
+ @date ||= Time.new.strftime("%Y-%m-%d-%H%M%S")
70
+ end
71
+
72
+ def new_key
73
+ @new_key ||= ActiveSupport::EncryptedConfiguration.generate_key
74
+ end
75
+
76
+ def backup_file(original)
77
+ FileUtils.mv(original, "#{original}.bak-#{date}")
78
+ end
79
+
80
+ def read(credentials_path) # the old configuration
81
+ ActiveSupport::EncryptedConfiguration.new(
82
+ config_path: credentials_path,
83
+ key_path: key_path,
84
+ env_key: "",
85
+ raise_if_missing_key: true
86
+ ).read
87
+ end
88
+
89
+ def write(contents) # the new configuration
90
+ ActiveSupport::EncryptedConfiguration.new(
91
+ config_path: credentials_path,
92
+ key_path: key_path,
93
+ env_key: "",
94
+ raise_if_missing_key: true
95
+ ).write(contents)
96
+ end
51
97
  end
52
98
  end
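Review bot: `rotate` (added in the previous hunk) saves the new master key with `File.write(key_path, new_key)`, so the key file gets the default mode from the process umask, typically readable by other local users, whereas Rails' own key generator restricts key files to 0600. Because `backup_file` has just moved the old key away, the file is always created at this point and `File.write(key_path, new_key, perm: 0o600)` is sufficient. The `.key.bak-<date>` file left by `backup_file(key_path)` still decrypts the backed-up credentials and probably falls outside an ignore rule written for `<env>.key`, so it can be committed by accident together with the new `.yml.enc`; a comment on `backup_file` and a README line saying the backups must be ignored or deleted after verification would cover that. The sequence is also not atomic: if `write(decrypted)` raises, the new key is already on disk and there is no credentials file until the backups are restored by hand, which deserves a `rescue` that moves them back or at least a comment.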
@@ -0,0 +1,11 @@
1
+ namespace :key_rotator do
2
+ require "rails_key_rotator"
3
+ require "fileutils"
4
+
5
+ desc "Start rotation"
6
+ task rotate: [
7
+ # environment
8
+ ] do
9
+ RailsKeyRotator.rotate
10
+ end
11
+ end
@@ -10,7 +10,7 @@ Gem::Specification.new do |spec|
10
10
 
11
11
  spec.summary = "Rotate your RAILS_MASTER_KEY with ease"
12
12
  # spec.description = "TODO: Write a longer description or delete this line."
13
- spec.homepage = "https://wendbaar.nl"
13
+ spec.homepage = "https://www.wendbaar.nl"
14
14
  spec.license = "MIT"
15
15
  spec.required_ruby_version = ">= 2.6.0"
16
16
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rails_key_rotator
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.2
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Leon Berenschot
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2023-10-13 00:00:00.000000000 Z
11
+ date: 2023-10-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -37,8 +37,10 @@ executables: []
37
37
  extensions: []
38
38
  extra_rdoc_files: []
39
39
  files:
40
+ - ".projections.json"
40
41
  - ".rspec"
41
42
  - ".rubocop.yml"
43
+ - ".vscode/extensions.json"
42
44
  - Appraisals
43
45
  - CHANGELOG.md
44
46
  - CODE_OF_CONDUCT.md
@@ -56,14 +58,15 @@ files:
56
58
  - lib/rails_key_rotator.rb
57
59
  - lib/rails_key_rotator/railtie.rb
58
60
  - lib/rails_key_rotator/version.rb
61
+ - lib/tasks/key_rotator.rake
59
62
  - rails_key_rotator.gemspec
60
63
  - sig/rails_key_rotator.rbs
61
- homepage: https://wendbaar.nl
64
+ homepage: https://www.wendbaar.nl
62
65
  licenses:
63
66
  - MIT
64
67
  metadata:
65
68
  rubygems_mfa_required: 'true'
66
- homepage_uri: https://wendbaar.nl
69
+ homepage_uri: https://www.wendbaar.nl
67
70
  source_code_uri: https://github.com/LeipeLeon/rails_key_rotator
68
71
  changelog_uri: https://github.com/LeipeLeon/rails_key_rotator/CHANGELOG.md
69
72
  post_install_message: