RubyGems - rails_key_rotator - Versions diffs - 0.1.3 → 0.2.0 - Mend

rails_key_rotator 0.1.3 → 0.2.0

Files changed (11) hide show

checksums.yaml +4 -4
data/.projections.json +3 -0
data/.vscode/extensions.json +5 -0
data/README.md +11 -22
data/Rakefile +7 -0
data/lib/rails_key_rotator/railtie.rb +4 -1
data/lib/rails_key_rotator/version.rb +1 -1
data/lib/rails_key_rotator.rb +54 -8
data/lib/tasks/key_rotator.rake +11 -0
data/rails_key_rotator.gemspec +1 -1
metadata +7 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1185099ebdd0aa95fe346dd3903a6a0cb56540a0e5b40acf8b917342ca33912a
-  data.tar.gz: 6bec30ca3c50f0870d05b9377a94f0f7afe69ec8eb36d0a21dbde210b73c6d3b
+  metadata.gz: f84724ed7fe7912f91c8b7af53830ca4c40e009cda1a5f043742b4bc458dad3a
+  data.tar.gz: dfe5ff6f821255b4ea655a148dd0a4f95fc5826223962188b7e8cda33ab6e77d
 SHA512:
-  metadata.gz: 20d3d663fe20d4cd2d08a7d5e5e6c7f8c55837f222f52f1a237f667ec7760b25744f1f8c4e90cb3c22f47c21c423cc28c6a1c7e4826029631dff45eb4ef855f9
-  data.tar.gz: 8a1c6af613656d15ad0380aa1d4e43a69289e1dd4bd7ccfbe9e242d7c8df7c82c7e0bcc86c727c179786085fbf85eb06ccba8bcdb9ceae2cf8978bb9b3e6d868
+  metadata.gz: 9078bc0711fa537185f7acb8fec193dd49afa3dd11c65d013667885234dd8181e633696b1e5cc508e31ac1424637f861b0a36656190a84be2659679c71cfbbc7
+  data.tar.gz: 7591f74ea9d7b724d23b1473cdc532c6913172ccdcc58c4f88f051ae778b8b736804309d1922f65a137150720daae7f20b31bf4192452e947fc454533b5de211

data/.projections.json ADDED Viewed

@@ -0,0 +1,3 @@
+{
+  "lib/*.rb": { "alternate": "spec/{}_spec.rb" }
+}

data/.vscode/extensions.json ADDED Viewed

@@ -0,0 +1,5 @@
+{
+  "recommendations": [
+    "testdouble.vscode-alternate-alternate-file"
+  ]
+}

data/README.md CHANGED Viewed

@@ -15,28 +15,17 @@ If bundler is not being used to manage dependencies, install the gem by executin
 > _*⚠️ !!! WARNING !!! ⚠️*_
 > _*⚠️ DON'T FORGET TO HANDOUT THE NEW KEY TO YOUR COLLEAGUES! ⚠️*_
-1. First create a new key w/ `dip rails runner "puts ActiveSupport::EncryptedConfiguration.generate_key"` and deploy this in `RAILS_MASTER_KEY_NEW` on the targeted infrastructure.
-2. While waiting on deploying this variable, create a new encrypted file:
-   ```shell
-   # Copy the output current credentials
-   dip credentials show -e development
-   # Backup current credentials
-   mv -i config/credentials/development.yml.enc config/credentials/development.yml.enc.bak-$(date "+%Y-%m-%d-%H%M")
-   # Backup current key
-   mv -i config/credentials/development.key config/credentials/development.key.bak-$(date "+%Y-%m-%d-%H%M")
-   # Save the new key into file
-   echo d92599b046b58ab2d4158212e6d27162 > config/credentials/development.key
-   # Create new credentials file w/
-   dip credentials -e development
-   # Verify content
-   dip credentials show -e development
-   ```
-3. Commit to Github and deploy new encrypted file.
-4. After a while when everything is back in sync replace `RAILS_MASTER_KEY` w/ the new key and delete `RAILS_MASTER_KEY_NEW`
+1. run the rake taks
+        bundle rake key_rotator:rotate
+    This will backup current key / credentials, create a new key and saves encrypts the credentails w/ this new key
+1. Deploying this variable as an env `RAILS_MASTER_KEY_NEW`
+1. Commit and deploy new encrypted file.
+1. After a while when everything is back in sync replace `RAILS_MASTER_KEY` w/ the new key and delete `RAILS_MASTER_KEY_NEW`
 ### Process

data/Rakefile CHANGED Viewed

@@ -8,3 +8,10 @@ RSpec::Core::RakeTask.new(:spec)
 require "standard/rake"
 task default: %i[spec standard]
+desc "Show RailsKeyRotator version"
+task :version do
+  puts RailsKeyRotator::VERSION
+end
+Dir.glob("lib/tasks/*.rake").each { |r| import r }

data/lib/rails_key_rotator/railtie.rb CHANGED Viewed

@@ -5,7 +5,10 @@ require "rails"
 module RailsKeyRotator
   class Railtie < Rails::Railtie
     config.before_initialize do
-      KeyRotator.call
+      KeyRotator.rotated?
+    end
+    rake_tasks do
+      load "lib/tasks/key_rotator.rake"
     end
   end
 end

data/lib/rails_key_rotator/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module RailsKeyRotator
-  VERSION = "0.1.3"
+  VERSION = "0.2.0"
 end

data/lib/rails_key_rotator.rb CHANGED Viewed

@@ -9,9 +9,9 @@ require "rails_key_rotator/railtie" if defined?(Rails)
 module RailsKeyRotator
   class Error < StandardError; end
-  # Your code goes here...
   class << self
-    def call
+    def rotated?
       return if ENV["RAILS_MASTER_KEY"].blank?
       if ENV.fetch("RAILS_MASTER_KEY_NEW", false)
@@ -24,23 +24,39 @@ module RailsKeyRotator
       end
     end
+    def rotate
+      decrypted = read(credentials_path) # Decrypt current credentials
+      backup_file(key_path)              # Backup key
+      backup_file(credentials_path)      # Backup credentials
+      File.write(key_path, new_key)      # Save new key
+      write(decrypted)                   # Save new credentials
+    end
+    def credentials_path
+      File.join(root, "config", "credentials", "#{env}.yml.enc")
+    end
+    def key_path
+      File.join(root, "config", "credentials", "#{env}.key")
+    end
     private
+    def root
+      defined?(Rails) ? Rails.root : Dir.pwd
+    end
     def can_read_credentials!
       ActiveSupport::EncryptedConfiguration.new(
-        config_path: credential_path,
+        config_path: credentials_path,
         env_key: "RAILS_MASTER_KEY_NEW",
-        key_path: "",
+        key_path: key_path,
         raise_if_missing_key: true
       ).read
     rescue ActiveSupport::MessageEncryptor::InvalidMessage
       false
     end
-    def credential_path
-      Rails.root.join("config/credentials/#{env}.yml.enc")
-    end
     def say(message)
       warn "\e[41;37;1m\n\n\tKeyRotator: Using #{message} for #{env} env\n\e[0m"
     end
@@ -48,5 +64,35 @@ module RailsKeyRotator
     def env
       defined?(Rails) ? Rails.env : (ENV["RAILS_ENV"] || "test")
     end
+    def date
+      @date ||= Time.new.strftime("%Y-%m-%d-%H%M%S")
+    end
+    def new_key
+      @new_key ||= ActiveSupport::EncryptedConfiguration.generate_key
+    end
+    def backup_file(original)
+      FileUtils.mv(original, "#{original}.bak-#{date}")
+    end
+    def read(credentials_path) # the old configuration
+      ActiveSupport::EncryptedConfiguration.new(
+        config_path: credentials_path,
+        key_path: key_path,
+        env_key: "",
+        raise_if_missing_key: true
+      ).read
+    end
+    def write(contents) # the new configuration
+      ActiveSupport::EncryptedConfiguration.new(
+        config_path: credentials_path,
+        key_path: key_path,
+        env_key: "",
+        raise_if_missing_key: true
+      ).write(contents)
+    end
   end
 end

data/lib/tasks/key_rotator.rake ADDED Viewed

@@ -0,0 +1,11 @@
+namespace :key_rotator do
+  require "rails_key_rotator"
+  require "fileutils"
+  desc "Start rotation"
+  task rotate: [
+    # environment
+  ] do
+    RailsKeyRotator.rotate
+  end
+end

data/rails_key_rotator.gemspec CHANGED Viewed

@@ -10,7 +10,7 @@ Gem::Specification.new do |spec|
   spec.summary = "Rotate your RAILS_MASTER_KEY with ease"
   # spec.description = "TODO: Write a longer description or delete this line."
-  spec.homepage = "https://wendbaar.nl"
+  spec.homepage = "https://www.wendbaar.nl"
   spec.license = "MIT"
   spec.required_ruby_version = ">= 2.6.0"

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails_key_rotator
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 0.2.0
 platform: ruby
 authors:
 - Leon Berenschot
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-10-13 00:00:00.000000000 Z
+date: 2023-10-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -37,8 +37,10 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".projections.json"
 - ".rspec"
 - ".rubocop.yml"
+- ".vscode/extensions.json"
 - Appraisals
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
@@ -56,14 +58,15 @@ files:
 - lib/rails_key_rotator.rb
 - lib/rails_key_rotator/railtie.rb
 - lib/rails_key_rotator/version.rb
+- lib/tasks/key_rotator.rake
 - rails_key_rotator.gemspec
 - sig/rails_key_rotator.rbs
-homepage: https://wendbaar.nl
+homepage: https://www.wendbaar.nl
 licenses:
 - MIT
 metadata:
   rubygems_mfa_required: 'true'
-  homepage_uri: https://wendbaar.nl
+  homepage_uri: https://www.wendbaar.nl
   source_code_uri: https://github.com/LeipeLeon/rails_key_rotator
   changelog_uri: https://github.com/LeipeLeon/rails_key_rotator/CHANGELOG.md
 post_install_message: