rails_key_rotator 0.1.3 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1185099ebdd0aa95fe346dd3903a6a0cb56540a0e5b40acf8b917342ca33912a
-  data.tar.gz: 6bec30ca3c50f0870d05b9377a94f0f7afe69ec8eb36d0a21dbde210b73c6d3b
+  metadata.gz: 29eb6c4fb0ee94eb94483058e009c91b40bc017ff13da75d90f60249c51df5c7
+  data.tar.gz: cb203507ac300b69adac536d0aee9685c42a09c78b0b3a9d391bfbc4a0ba77c2
 SHA512:
-  metadata.gz: 20d3d663fe20d4cd2d08a7d5e5e6c7f8c55837f222f52f1a237f667ec7760b25744f1f8c4e90cb3c22f47c21c423cc28c6a1c7e4826029631dff45eb4ef855f9
-  data.tar.gz: 8a1c6af613656d15ad0380aa1d4e43a69289e1dd4bd7ccfbe9e242d7c8df7c82c7e0bcc86c727c179786085fbf85eb06ccba8bcdb9ceae2cf8978bb9b3e6d868
+  metadata.gz: 87a8d7106191f090426e9d9d6a7d997fa5b972c1a840c76fef0250adab92e56a309bc0a9ca1a127e7ceeecf9195e10a57006adee2748e0d5e9e30e14315162cf
+  data.tar.gz: 74cb11e1eb92733a54fa3e2051ade59b108578b1b41e02e7e8105297cec4fd96978bbec962214a6b4e8606f358630f333028c7fb0bc1c226b18413811ff84007

data/.projections.json

@@ -0,0 +1,3 @@
+{
+  "lib/*.rb": { "alternate": "spec/{}_spec.rb" }
+}

data/.vscode/extensions.json

@@ -0,0 +1,5 @@
+{
+  "recommendations": [
+    "testdouble.vscode-alternate-alternate-file"
+  ]
+}

data/README.md

@@ -12,33 +12,22 @@ If bundler is not being used to manage dependencies, install the gem by executin
 
 ## Usage
 
-> _*⚠️ !!! WARNING !!! ⚠️*_
-> _*⚠️ DON'T FORGET TO HANDOUT THE NEW KEY TO YOUR COLLEAGUES! ⚠️*_
-
-1. First create a new key w/ `dip rails runner "puts ActiveSupport::EncryptedConfiguration.generate_key"` and deploy this in `RAILS_MASTER_KEY_NEW` on the targeted infrastructure.
-
-2. While waiting on deploying this variable, create a new encrypted file:
-
-   ```shell
-   # Copy the output current credentials
-   dip credentials show -e development
-   # Backup current credentials
-   mv -i config/credentials/development.yml.enc config/credentials/development.yml.enc.bak-$(date "+%Y-%m-%d-%H%M")
-   # Backup current key
-   mv -i config/credentials/development.key config/credentials/development.key.bak-$(date "+%Y-%m-%d-%H%M")
-   # Save the new key into file
-   echo d92599b046b58ab2d4158212e6d27162 > config/credentials/development.key
-   # Create new credentials file w/
-   dip credentials -e development
-   # Verify content
-   dip credentials show -e development
-   ```
-
-3. Commit to Github and deploy new encrypted file.
+> **Warning**
+> **DON'T FORGET TO HANDOUT THE NEW KEY TO YOUR COLLEAGUES!**
+
+1. Run the rake taks
+
+        bundle rake key_rotator:rotate
+
+    This will backup current key / credentials, create a new key and saves encrypts the credentails w/ this new key
+
+2. Deploying this variable as an env `RAILS_MASTER_KEY_NEW`
+
+3. Commit and deploy new encrypted file.
 
 4. After a while when everything is back in sync replace `RAILS_MASTER_KEY` w/ the new key and delete `RAILS_MASTER_KEY_NEW`
 
-### Process
+## Process
 
 When we've defined `RAILS_MASTER_KEY_NEW` it means we are rotating the encryption key for our credentials. What we want to do then is:
 
@@ -53,13 +42,20 @@ See: https://www.reddit.com/r/rails/comments/x4sujc/deploying_a_rotated_credenti
 
 ## Development
 
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+This project uses docker and [dip](https://github.com/bibendi/dip), a.k.a. the _Docker Interaction Program._
+
+To use it:
+```shell
+gem install dip
+dip provision
+dip guard # run specs
+```
 
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `dip bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/rails_key_rotator. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/rails_key_rotator/blob/master/CODE_OF_CONDUCT.md).
+Bug reports and pull requests are welcome on GitHub at <https://github.com/LeipeLeon/rails_key_rotator>. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/LeipeLeon/rails_key_rotator/blob/master/CODE_OF_CONDUCT.md).
 
 ## License
 
@@ -67,4 +63,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
 
 ## Code of Conduct
 
-Everyone interacting in the RailsKeyRotator project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/rails_key_rotator/blob/master/CODE_OF_CONDUCT.md).
+Everyone interacting in the RailsKeyRotator project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/LeipeLeon/rails_key_rotator/blob/master/CODE_OF_CONDUCT.md).

data/Rakefile

@@ -8,3 +8,10 @@ RSpec::Core::RakeTask.new(:spec)
 require "standard/rake"
 
 task default: %i[spec standard]
+
+desc "Show RailsKeyRotator version"
+task :version do
+  puts RailsKeyRotator::VERSION
+end
+
+Dir.glob("lib/tasks/*.rake").each { |r| import r }

data/lib/rails_key_rotator/railtie.rb

@@ -5,7 +5,10 @@ require "rails"
 module RailsKeyRotator
   class Railtie < Rails::Railtie
     config.before_initialize do
-      KeyRotator.call
+      KeyRotator.rotated?
+    end
+    rake_tasks do
+      load "tasks/key_rotator.rake"
     end
   end
 end

data/lib/rails_key_rotator/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RailsKeyRotator
-  VERSION = "0.1.3"
+  VERSION = "0.2.1"
 end

data/lib/rails_key_rotator.rb

@@ -9,9 +9,9 @@ require "rails_key_rotator/railtie" if defined?(Rails)
 
 module RailsKeyRotator
   class Error < StandardError; end
-  # Your code goes here...
+
   class << self
-    def call
+    def rotated?
       return if ENV["RAILS_MASTER_KEY"].blank?
 
       if ENV.fetch("RAILS_MASTER_KEY_NEW", false)
@@ -24,23 +24,39 @@ module RailsKeyRotator
       end
     end
 
+    def rotate
+      decrypted = read(credentials_path) # Decrypt current credentials
+      backup_file(key_path)              # Backup key
+      backup_file(credentials_path)      # Backup credentials
+      File.write(key_path, new_key)      # Save new key
+      write(decrypted)                   # Save new credentials
+    end
+
+    def credentials_path
+      File.join(root, "config", "credentials", "#{env}.yml.enc")
+    end
+
+    def key_path
+      File.join(root, "config", "credentials", "#{env}.key")
+    end
+
     private
 
+    def root
+      defined?(Rails) ? Rails.root : Dir.pwd
+    end
+
     def can_read_credentials!
       ActiveSupport::EncryptedConfiguration.new(
-        config_path: credential_path,
+        config_path: credentials_path,
         env_key: "RAILS_MASTER_KEY_NEW",
-        key_path: "",
+        key_path: key_path,
         raise_if_missing_key: true
       ).read
     rescue ActiveSupport::MessageEncryptor::InvalidMessage
       false
     end
 
-    def credential_path
-      Rails.root.join("config/credentials/#{env}.yml.enc")
-    end
-
     def say(message)
       warn "\e[41;37;1m\n\n\tKeyRotator: Using #{message} for #{env} env\n\e[0m"
     end
@@ -48,5 +64,35 @@ module RailsKeyRotator
     def env
       defined?(Rails) ? Rails.env : (ENV["RAILS_ENV"] || "test")
     end
+
+    def date
+      @date ||= Time.new.strftime("%Y-%m-%d-%H%M%S")
+    end
+
+    def new_key
+      @new_key ||= ActiveSupport::EncryptedConfiguration.generate_key
+    end
+
+    def backup_file(original)
+      FileUtils.mv(original, "#{original}.bak-#{date}")
+    end
+
+    def read(credentials_path) # the old configuration
+      ActiveSupport::EncryptedConfiguration.new(
+        config_path: credentials_path,
+        key_path: key_path,
+        env_key: "",
+        raise_if_missing_key: true
+      ).read
+    end
+
+    def write(contents) # the new configuration
+      ActiveSupport::EncryptedConfiguration.new(
+        config_path: credentials_path,
+        key_path: key_path,
+        env_key: "",
+        raise_if_missing_key: true
+      ).write(contents)
+    end
   end
 end

data/lib/tasks/key_rotator.rake

@@ -0,0 +1,11 @@
+namespace :key_rotator do
+  require "rails_key_rotator"
+  require "fileutils"
+
+  desc "Start rotation"
+  task rotate: [
+    # environment
+  ] do
+    RailsKeyRotator.rotate
+  end
+end

data/rails_key_rotator.gemspec

@@ -10,7 +10,7 @@ Gem::Specification.new do |spec|
 
   spec.summary = "Rotate your RAILS_MASTER_KEY with ease"
   # spec.description = "TODO: Write a longer description or delete this line."
-  spec.homepage = "https://wendbaar.nl"
+  spec.homepage = "https://www.wendbaar.nl"
   spec.license = "MIT"
   spec.required_ruby_version = ">= 2.6.0"
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails_key_rotator
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 0.2.1
 platform: ruby
 authors:
 - Leon Berenschot
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2023-10-13 00:00:00.000000000 Z
+date: 2023-10-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -37,8 +37,10 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".projections.json"
 - ".rspec"
 - ".rubocop.yml"
+- ".vscode/extensions.json"
 - Appraisals
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
@@ -56,14 +58,15 @@ files:
 - lib/rails_key_rotator.rb
 - lib/rails_key_rotator/railtie.rb
 - lib/rails_key_rotator/version.rb
+- lib/tasks/key_rotator.rake
 - rails_key_rotator.gemspec
 - sig/rails_key_rotator.rbs
-homepage: https://wendbaar.nl
+homepage: https://www.wendbaar.nl
 licenses:
 - MIT
 metadata:
   rubygems_mfa_required: 'true'
-  homepage_uri: https://wendbaar.nl
+  homepage_uri: https://www.wendbaar.nl
   source_code_uri: https://github.com/LeipeLeon/rails_key_rotator
   changelog_uri: https://github.com/LeipeLeon/rails_key_rotator/CHANGELOG.md
 post_install_message: