RubyGems - rails_key_rotator - Versions diffs - 0.2.0 → 0.2.2 - Mend

rails_key_rotator 0.2.0 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/README.md +33 -13
data/lib/rails_key_rotator/railtie.rb +1 -1
data/lib/rails_key_rotator/version.rb +1 -1
data/lib/rails_key_rotator.rb +27 -6
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f84724ed7fe7912f91c8b7af53830ca4c40e009cda1a5f043742b4bc458dad3a
-  data.tar.gz: dfe5ff6f821255b4ea655a148dd0a4f95fc5826223962188b7e8cda33ab6e77d
+  metadata.gz: 4716f503c795d3a21fe6fb7eff53ec6ebb0d003e34bad0dc2a68d6e652dfc7c9
+  data.tar.gz: 194d519cf4e0278adb5cb60c183980712d027fc8ae8f85a8d7b4fe88df78a1ed
 SHA512:
-  metadata.gz: 9078bc0711fa537185f7acb8fec193dd49afa3dd11c65d013667885234dd8181e633696b1e5cc508e31ac1424637f861b0a36656190a84be2659679c71cfbbc7
-  data.tar.gz: 7591f74ea9d7b724d23b1473cdc532c6913172ccdcc58c4f88f051ae778b8b736804309d1922f65a137150720daae7f20b31bf4192452e947fc454533b5de211
+  metadata.gz: '04485eed8bc71a9d664b0e4c8348cca4f4a8ba3c4d79fc29ac585f1c2fc2c7bc792bfc0b5e881643c0399dae0f7ea197a5d7f6b08ba00fa696b9d45e049659ca'
+  data.tar.gz: 7bec424314fdc836d644547f08dd9299a6c34a615585168847f6c7e5b77fceafbe909d0fb7e581f827a2c0ea5bb7506e2ed780aa9628e75f349d0f85d63197b9

data/README.md CHANGED Viewed

@@ -12,22 +12,35 @@ If bundler is not being used to manage dependencies, install the gem by executin
 ## Usage
-> _*⚠️ !!! WARNING !!! ⚠️*_
-> _*⚠️ DON'T FORGET TO HANDOUT THE NEW KEY TO YOUR COLLEAGUES! ⚠️*_
+> **Warning**
+> **DON'T FORGET TO HANDOUT THE NEW KEY TO YOUR COLLEAGUES!**
-1. run the rake taks
+1. Run the rake taks
-        bundle rake key_rotator:rotate
+        $ RAILS_ENV=production bundle exec rake key_rotator:rotate
-    This will backup current key / credentials, create a new key and saves encrypts the credentails w/ this new key
+        Starting process:
+        -> Copy config/credentials/production.key -> config/credentials/production.key.bak-2023-10-15-084335
+        -> Copy config/credentials/production.yml.enc -> config/credentials/production.yml.enc.bak-2023-10-15-084335
+        -> Writing 774ef137809953c633f03233d3ec5d35 to config/credentials/production.key
-1. Deploying this variable as an env `RAILS_MASTER_KEY_NEW`
+        Finished! The next steps are:
-1. Commit and deploy new encrypted file.
+        - Deploy `RAILS_MASTER_KEY_NEW=774ef137809953c633f03233d3ec5d35` to your infrastructure
+        - Share the new key w/ your colleagues
+        - Commit changes in config/credentials/production.yml.enc
+        - Update `RAILS_MASTER_KEY`and remove `RAILS_MASTER_KEY_NEW` from your infrastructure
-1. After a while when everything is back in sync replace `RAILS_MASTER_KEY` w/ the new key and delete `RAILS_MASTER_KEY_NEW`
+    This will backup current key / credentials, create a new key and saves encrypts the credentails w/ this new key for the current `RAILS_ENV`
-### Process
+2. Deploying this variable as an env `RAILS_MASTER_KEY_NEW`
+3. Commit and deploy new encrypted file.
+4. After a while when everything is back in sync replace `RAILS_MASTER_KEY` w/ the new key and delete `RAILS_MASTER_KEY_NEW`
+## Process
 When we've defined `RAILS_MASTER_KEY_NEW` it means we are rotating the encryption key for our credentials. What we want to do then is:
@@ -42,13 +55,20 @@ See: https://www.reddit.com/r/rails/comments/x4sujc/deploying_a_rotated_credenti
 ## Development
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+This project uses docker and [dip](https://github.com/bibendi/dip), a.k.a. the _Docker Interaction Program._
+To use it:
+```shell
+gem install dip
+dip provision
+dip guard # run specs
+```
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `dip bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
 ## Contributing
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/rails_key_rotator. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/rails_key_rotator/blob/master/CODE_OF_CONDUCT.md).
+Bug reports and pull requests are welcome on GitHub at <https://github.com/LeipeLeon/rails_key_rotator>. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/LeipeLeon/rails_key_rotator/blob/master/CODE_OF_CONDUCT.md).
 ## License
@@ -56,4 +76,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
 ## Code of Conduct
-Everyone interacting in the RailsKeyRotator project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/rails_key_rotator/blob/master/CODE_OF_CONDUCT.md).
+Everyone interacting in the RailsKeyRotator project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/LeipeLeon/rails_key_rotator/blob/master/CODE_OF_CONDUCT.md).

data/lib/rails_key_rotator/railtie.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module RailsKeyRotator
       KeyRotator.rotated?
     end
     rake_tasks do
-      load "lib/tasks/key_rotator.rake"
+      load "tasks/key_rotator.rake"
     end
   end
 end

data/lib/rails_key_rotator/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module RailsKeyRotator
-  VERSION = "0.2.0"
+  VERSION = "0.2.2"
 end

data/lib/rails_key_rotator.rb CHANGED Viewed

@@ -17,19 +17,30 @@ module RailsKeyRotator
       if ENV.fetch("RAILS_MASTER_KEY_NEW", false)
         if can_read_credentials!
           ENV["RAILS_MASTER_KEY"] = ENV.fetch("RAILS_MASTER_KEY_NEW")
-          say "NEW key"
+          say_loud "Using NEW key"
         else
-          say "OLD key"
+          say_loud "Using OLD key"
         end
       end
     end
     def rotate
+      puts "Starting process:"
       decrypted = read(credentials_path) # Decrypt current credentials
       backup_file(key_path)              # Backup key
       backup_file(credentials_path)      # Backup credentials
-      File.write(key_path, new_key)      # Save new key
-      write(decrypted)                   # Save new credentials
+      write_key                          # Save new key
+      write_credentials(decrypted)       # Save new credentials
+      puts <<~PROCEDURE
+        Finished! The next steps are:
+        - Deploy `RAILS_MASTER_KEY_NEW=#{new_key}` to your infrastructure
+        - Share the new key w/ your colleagues
+        - Commit changes in #{credentials_path}
+        - Update `RAILS_MASTER_KEY`and remove `RAILS_MASTER_KEY_NEW` from your infrastructure
+      PROCEDURE
     end
     def credentials_path
@@ -58,7 +69,11 @@ module RailsKeyRotator
     end
     def say(message)
-      warn "\e[41;37;1m\n\n\tKeyRotator: Using #{message} for #{env} env\n\e[0m"
+      puts "-> #{message}"
+    end
+    def say_loud(message)
+      warn "\e[41;37;1m\n\n\tKeyRotator(#{env}): #{message}\n\e[0m"
     end
     def env
@@ -74,6 +89,7 @@ module RailsKeyRotator
     end
     def backup_file(original)
+      say "Copy #{original} -> #{original}.bak-#{date}"
       FileUtils.mv(original, "#{original}.bak-#{date}")
     end
@@ -86,7 +102,7 @@ module RailsKeyRotator
       ).read
     end
-    def write(contents) # the new configuration
+    def write_credentials(contents) # the new configuration
       ActiveSupport::EncryptedConfiguration.new(
         config_path: credentials_path,
         key_path: key_path,
@@ -94,5 +110,10 @@ module RailsKeyRotator
         raise_if_missing_key: true
       ).write(contents)
     end
+    def write_key
+      say "Writing #{new_key} to #{key_path}"
+      File.write(key_path, new_key)
+    end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails_key_rotator
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.2
 platform: ruby
 authors:
 - Leon Berenschot
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-10-15 00:00:00.000000000 Z
+date: 2023-10-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport