rails_key_rotator 0.2.0 → 0.2.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f84724ed7fe7912f91c8b7af53830ca4c40e009cda1a5f043742b4bc458dad3a
4
- data.tar.gz: dfe5ff6f821255b4ea655a148dd0a4f95fc5826223962188b7e8cda33ab6e77d
3
+ metadata.gz: 4716f503c795d3a21fe6fb7eff53ec6ebb0d003e34bad0dc2a68d6e652dfc7c9
4
+ data.tar.gz: 194d519cf4e0278adb5cb60c183980712d027fc8ae8f85a8d7b4fe88df78a1ed
5
5
  SHA512:
6
- metadata.gz: 9078bc0711fa537185f7acb8fec193dd49afa3dd11c65d013667885234dd8181e633696b1e5cc508e31ac1424637f861b0a36656190a84be2659679c71cfbbc7
7
- data.tar.gz: 7591f74ea9d7b724d23b1473cdc532c6913172ccdcc58c4f88f051ae778b8b736804309d1922f65a137150720daae7f20b31bf4192452e947fc454533b5de211
6
+ metadata.gz: '04485eed8bc71a9d664b0e4c8348cca4f4a8ba3c4d79fc29ac585f1c2fc2c7bc792bfc0b5e881643c0399dae0f7ea197a5d7f6b08ba00fa696b9d45e049659ca'
7
+ data.tar.gz: 7bec424314fdc836d644547f08dd9299a6c34a615585168847f6c7e5b77fceafbe909d0fb7e581f827a2c0ea5bb7506e2ed780aa9628e75f349d0f85d63197b9
data/README.md CHANGED
@@ -12,22 +12,35 @@ If bundler is not being used to manage dependencies, install the gem by executin
12
12
 
13
13
  ## Usage
14
14
 
15
- > _*⚠️ !!! WARNING !!! ⚠️*_
16
- > _*⚠️ DON'T FORGET TO HANDOUT THE NEW KEY TO YOUR COLLEAGUES! ⚠️*_
15
+ > **Warning**
16
+ > **DON'T FORGET TO HANDOUT THE NEW KEY TO YOUR COLLEAGUES!**
17
17
 
18
- 1. run the rake taks
18
+ 1. Run the rake taks
19
19
 
20
- bundle rake key_rotator:rotate
20
+ $ RAILS_ENV=production bundle exec rake key_rotator:rotate
21
21
 
22
- This will backup current key / credentials, create a new key and saves encrypts the credentails w/ this new key
22
+ Starting process:
23
+ -> Copy config/credentials/production.key -> config/credentials/production.key.bak-2023-10-15-084335
24
+ -> Copy config/credentials/production.yml.enc -> config/credentials/production.yml.enc.bak-2023-10-15-084335
25
+ -> Writing 774ef137809953c633f03233d3ec5d35 to config/credentials/production.key
23
26
 
24
- 1. Deploying this variable as an env `RAILS_MASTER_KEY_NEW`
27
+ Finished! The next steps are:
25
28
 
26
- 1. Commit and deploy new encrypted file.
29
+ - Deploy `RAILS_MASTER_KEY_NEW=774ef137809953c633f03233d3ec5d35` to your infrastructure
30
+ - Share the new key w/ your colleagues
31
+ - Commit changes in config/credentials/production.yml.enc
32
+ - Update `RAILS_MASTER_KEY`and remove `RAILS_MASTER_KEY_NEW` from your infrastructure
27
33
 
28
- 1. After a while when everything is back in sync replace `RAILS_MASTER_KEY` w/ the new key and delete `RAILS_MASTER_KEY_NEW`
34
+ This will backup current key / credentials, create a new key and saves encrypts the credentails w/ this new key for the current `RAILS_ENV`
29
35
 
30
- ### Process
36
+
37
+ 2. Deploying this variable as an env `RAILS_MASTER_KEY_NEW`
38
+
39
+ 3. Commit and deploy new encrypted file.
40
+
41
+ 4. After a while when everything is back in sync replace `RAILS_MASTER_KEY` w/ the new key and delete `RAILS_MASTER_KEY_NEW`
42
+
43
+ ## Process
31
44
 
32
45
  When we've defined `RAILS_MASTER_KEY_NEW` it means we are rotating the encryption key for our credentials. What we want to do then is:
33
46
 
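Review bot: The added usage text now states the procedure twice: the "Finished! The next steps are:" bullets and the numbered steps 2 to 4 below them describe the same deploy, commit and swap sequence, and only the bullets mention sharing the key. Keep one of the two, or label the first block explicitly as sample output of the rake task. The touched lines also still carry "taks", "credentails", "saves encrypts" and a missing space in "`RAILS_MASTER_KEY`and".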
@@ -42,13 +55,20 @@ See: https://www.reddit.com/r/rails/comments/x4sujc/deploying_a_rotated_credenti
42
55
 
43
56
  ## Development
44
57
 
45
- After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
58
+ This project uses docker and [dip](https://github.com/bibendi/dip), a.k.a. the _Docker Interaction Program._
59
+
60
+ To use it:
61
+ ```shell
62
+ gem install dip
63
+ dip provision
64
+ dip guard # run specs
65
+ ```
46
66
 
47
- To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
67
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `dip bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
48
68
 
49
69
  ## Contributing
50
70
 
51
- Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/rails_key_rotator. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/rails_key_rotator/blob/master/CODE_OF_CONDUCT.md).
71
+ Bug reports and pull requests are welcome on GitHub at <https://github.com/LeipeLeon/rails_key_rotator>. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/LeipeLeon/rails_key_rotator/blob/master/CODE_OF_CONDUCT.md).
52
72
 
53
73
  ## License
54
74
 
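Review bot: The release instruction was switched to `dip bundle exec rake release`, but the install instruction in the same paragraph still reads `bundle exec rake install` without `dip`. If everything is now expected to run through dip, write both the same way, or say which commands run on the host. The removed `rake spec` and `bin/console` instructions have no replacement other than `dip guard`, so note whether they still work.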
@@ -56,4 +76,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
56
76
 
57
77
  ## Code of Conduct
58
78
 
59
- Everyone interacting in the RailsKeyRotator project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/rails_key_rotator/blob/master/CODE_OF_CONDUCT.md).
79
+ Everyone interacting in the RailsKeyRotator project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/LeipeLeon/rails_key_rotator/blob/master/CODE_OF_CONDUCT.md).
@@ -8,7 +8,7 @@ module RailsKeyRotator
8
8
  KeyRotator.rotated?
9
9
  end
10
10
  rake_tasks do
11
- load "lib/tasks/key_rotator.rake"
11
+ load "tasks/key_rotator.rake"
12
12
  end
13
13
  end
14
14
  end
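Review bot: `load "tasks/key_rotator.rake"` in the `rake_tasks` block is still a bare relative path, which `Kernel#load` resolves by searching `$LOAD_PATH` and then the current directory, so the file that gets loaded depends on the host application's load path. Building the path from `__dir__` with `File.expand_path` would tie it to this gem's own copy of the rake file. A spec that loads the railtie from a working directory other than the gem root would guard against the 0.2.0 path coming back.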
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module RailsKeyRotator
4
- VERSION = "0.2.0"
4
+ VERSION = "0.2.2"
5
5
  end
@@ -17,19 +17,30 @@ module RailsKeyRotator
17
17
  if ENV.fetch("RAILS_MASTER_KEY_NEW", false)
18
18
  if can_read_credentials!
19
19
  ENV["RAILS_MASTER_KEY"] = ENV.fetch("RAILS_MASTER_KEY_NEW")
20
- say "NEW key"
20
+ say_loud "Using NEW key"
21
21
  else
22
- say "OLD key"
22
+ say_loud "Using OLD key"
23
23
  end
24
24
  end
25
25
  end
26
26
 
27
27
  def rotate
28
+ puts "Starting process:"
28
29
  decrypted = read(credentials_path) # Decrypt current credentials
29
30
  backup_file(key_path) # Backup key
30
31
  backup_file(credentials_path) # Backup credentials
31
- File.write(key_path, new_key) # Save new key
32
- write(decrypted) # Save new credentials
32
+ write_key # Save new key
33
+ write_credentials(decrypted) # Save new credentials
34
+ puts <<~PROCEDURE
35
+
36
+ Finished! The next steps are:
37
+
38
+ - Deploy `RAILS_MASTER_KEY_NEW=#{new_key}` to your infrastructure
39
+ - Share the new key w/ your colleagues
40
+ - Commit changes in #{credentials_path}
41
+ - Update `RAILS_MASTER_KEY`and remove `RAILS_MASTER_KEY_NEW` from your infrastructure
42
+
43
+ PROCEDURE
33
44
  end
34
45
 
35
46
  def credentials_path
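Review bot: The PROCEDURE heredoc in `rotate` interpolates `#{new_key}`, which writes the new master key in clear to stdout, where it stays in terminal scrollback and in any CI or deploy log that captures the task. Consider printing `#{key_path}` instead and telling the operator to read the key from that file. `new_key` is also called here after `write_key` has already used it; its definition is outside this hunk, so confirm it is memoized, otherwise the printed value will not be the key that was written. The last bullet is missing a space in "`RAILS_MASTER_KEY`and".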
@@ -58,7 +69,11 @@ module RailsKeyRotator
58
69
  end
59
70
 
60
71
  def say(message)
61
- warn "\e[41;37;1m\n\n\tKeyRotator: Using #{message} for #{env} env\n\e[0m"
72
+ puts "-> #{message}"
73
+ end
74
+
75
+ def say_loud(message)
76
+ warn "\e[41;37;1m\n\n\tKeyRotator(#{env}): #{message}\n\e[0m"
62
77
  end
63
78
 
64
79
  def env
@@ -74,6 +89,7 @@ module RailsKeyRotator
74
89
  end
75
90
 
76
91
  def backup_file(original)
92
+ say "Copy #{original} -> #{original}.bak-#{date}"
77
93
  FileUtils.mv(original, "#{original}.bak-#{date}")
78
94
  end
79
95
 
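Review bot: The new `say` line in `backup_file` reports "Copy", but the next line is `FileUtils.mv`, so the original is moved, not copied; word the message as a move or rename. `date` is evaluated once for the message and once for the move, and its definition is not in this hunk, so unless it is memoized the logged name can differ from the real one. The `.bak-<date>` copy of the key file still contains the previous master key, so document that it must stay out of version control; an ignore rule written for the exact `.key` filename will not match it.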
@@ -86,7 +102,7 @@ module RailsKeyRotator
86
102
  ).read
87
103
  end
88
104
 
89
- def write(contents) # the new configuration
105
+ def write_credentials(contents) # the new configuration
90
106
  ActiveSupport::EncryptedConfiguration.new(
91
107
  config_path: credentials_path,
92
108
  key_path: key_path,
@@ -94,5 +110,10 @@ module RailsKeyRotator
94
110
  raise_if_missing_key: true
95
111
  ).write(contents)
96
112
  end
113
+
114
+ def write_key
115
+ say "Writing #{new_key} to #{key_path}"
116
+ File.write(key_path, new_key)
117
+ end
97
118
  end
98
119
  end
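Review bot: `File.write(key_path, new_key)` in `write_key` creates the key file with whatever mode the process umask allows; passing `perm: 0o600` would keep the new master key readable by its owner only. The `say "Writing #{new_key} to #{key_path}"` line above it also puts the key on stdout, and the path alone is enough for a progress message.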
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rails_key_rotator
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Leon Berenschot
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2023-10-15 00:00:00.000000000 Z
11
+ date: 2023-10-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport