rails_key_rotator 0.2.1 → 0.2.3

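--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 29eb6c4fb0ee94eb94483058e009c91b40bc017ff13da75d90f60249c51df5c7
- data.tar.gz: cb203507ac300b69adac536d0aee9685c42a09c78b0b3a9d391bfbc4a0ba77c2
+ metadata.gz: c1583daf18681adbf057da6b49f0b1d31edde595911bae83460fd0ca7088d38f
+ data.tar.gz: 28024ed59be4ed43b9476eb3c0927a0a0a16370949a4c6bb1b98caf4f1ae770e
  SHA512:
- metadata.gz: 87a8d7106191f090426e9d9d6a7d997fa5b972c1a840c76fef0250adab92e56a309bc0a9ca1a127e7ceeecf9195e10a57006adee2748e0d5e9e30e14315162cf
- data.tar.gz: 74cb11e1eb92733a54fa3e2051ade59b108578b1b41e02e7e8105297cec4fd96978bbec962214a6b4e8606f358630f333028c7fb0bc1c226b18413811ff84007
+ metadata.gz: b54587fcd4c6f39ed55143893c66550222e08eb1e2a6db07a1cafa3e574e78a47ad726b4d4b7cb6c9c24a7a2218ec5ba2054206ca0e30f7830638e56424c08de
+ data.tar.gz: 1a02f4f16ebe9ca906b587d2654358282febe8ed5c17348945989a583d70475eb5418a7aaaf4dd8cb9875bd94462124221f0705ea8166e48745527c98b0ebc18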
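--- a/data/README.md
+++ b/data/README.md
@@ -17,9 +17,22 @@ If bundler is not being used to manage dependencies, install the gem by executin
 
  1. Run the rake taks
 
- bundle rake key_rotator:rotate
+ $ RAILS_ENV=production bundle exec rake key_rotator:rotate
+
+ Starting process:
+ -> Copy config/credentials/production.key -> config/credentials/production.key.bak-2023-10-15-084335
+ -> Copy config/credentials/production.yml.enc -> config/credentials/production.yml.enc.bak-2023-10-15-084335
+ -> Writing 774ef137809953c633f03233d3ec5d35 to config/credentials/production.key
+
+ Finished! The next steps are:
+
+ - Deploy `RAILS_MASTER_KEY_NEW=774ef137809953c633f03233d3ec5d35` to your infrastructure
+ - Share the new key w/ your colleagues
+ - Commit changes in config/credentials/production.yml.enc
+ - Update `RAILS_MASTER_KEY`and remove `RAILS_MASTER_KEY_NEW` from your infrastructure
+
+ This will backup current key / credentials, create a new key and saves encrypts the credentails w/ this new key for the current `RAILS_ENV`
 
- This will backup current key / credentials, create a new key and saves encrypts the credentails w/ this new key
 
  2. Deploying this variable as an env `RAILS_MASTER_KEY_NEW`
 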
@@ -5,7 +5,7 @@ require "rails"
5
5
  module RailsKeyRotator
6
6
  class Railtie < Rails::Railtie
7
7
  config.before_initialize do
8
- KeyRotator.rotated?
8
+ RailsKeyRotator.rotated?
9
9
  end
10
10
  rake_tasks do
11
11
  load "tasks/key_rotator.rake"
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module RailsKeyRotator
4
- VERSION = "0.2.1"
4
+ VERSION = "0.2.3"
5
5
  end
@@ -17,19 +17,30 @@ module RailsKeyRotator
17
17
  if ENV.fetch("RAILS_MASTER_KEY_NEW", false)
18
18
  if can_read_credentials!
19
19
  ENV["RAILS_MASTER_KEY"] = ENV.fetch("RAILS_MASTER_KEY_NEW")
20
- say "NEW key"
20
+ say_loud "Using NEW key"
21
21
  else
22
- say "OLD key"
22
+ say_loud "Using OLD key"
23
23
  end
24
24
  end
25
25
  end
26
26
 
27
27
  def rotate
28
+ puts "Starting process:"
28
29
  decrypted = read(credentials_path) # Decrypt current credentials
29
- backup_file(key_path) # Backup key
30
30
  backup_file(credentials_path) # Backup credentials
31
- File.write(key_path, new_key) # Save new key
32
- write(decrypted) # Save new credentials
31
+ backup_file(key_path) # Backup key
32
+ write_key # Save new key
33
+ write_credentials(decrypted) # Save new credentials
34
+ puts <<~PROCEDURE
35
+
36
+ Finished! The next steps are:
37
+
38
+ - Deploy `RAILS_MASTER_KEY_NEW=#{new_key}` to your infrastructure
39
+ - Share the new key w/ your colleagues
40
+ - Commit changes in #{credentials_path}
41
+ - Update `RAILS_MASTER_KEY`and remove `RAILS_MASTER_KEY_NEW` from your infrastructure
42
+
43
+ PROCEDURE
33
44
  end
34
45
 
35
46
  def credentials_path
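Review bot: `rotate` renames the credentials file before it knows the key file can be backed up, so a failure in the second `backup_file` call leaves the environment with its `.yml.enc` moved away and nothing written in its place. With `env_key: "RAILS_MASTER_KEY"` now passed in `read` (later hunk), decryption can presumably succeed from the environment alone while no key file exists on disk, which is the case where the new `File.exist?` raise in `backup_file` fires after the credentials were already renamed. I would verify both paths right after `read` and before the first move, e.g. `[credentials_path, key_path].each { |f| raise "File does not exist: #{f}" unless File.exist?(f) }`, and add a comment on `rotate` saying it is not atomic and that recovery means restoring the `.bak-*` files. The bodies of `read` and `key_path` lie outside this hunk, so the precedence between the env key and the key file is inferred rather than shown.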
@@ -58,7 +69,11 @@ module RailsKeyRotator
58
69
  end
59
70
 
60
71
  def say(message)
61
- warn "\e[41;37;1m\n\n\tKeyRotator: Using #{message} for #{env} env\n\e[0m"
72
+ puts "-> #{message}"
73
+ end
74
+
75
+ def say_loud(message)
76
+ warn "\e[41;37;1m\n\n\tKeyRotator(#{env}): #{message}\n\e[0m"
62
77
  end
63
78
 
64
79
  def env
@@ -74,6 +89,8 @@ module RailsKeyRotator
74
89
  end
75
90
 
76
91
  def backup_file(original)
92
+ raise "File does not exist: #{original}" unless File.exist?(original)
93
+ say "Copy #{original} -> #{original}.bak-#{date}"
77
94
  FileUtils.mv(original, "#{original}.bak-#{date}")
78
95
  end
79
96
 
@@ -81,12 +98,12 @@ module RailsKeyRotator
81
98
  ActiveSupport::EncryptedConfiguration.new(
82
99
  config_path: credentials_path,
83
100
  key_path: key_path,
84
- env_key: "",
101
+ env_key: "RAILS_MASTER_KEY",
85
102
  raise_if_missing_key: true
86
103
  ).read
87
104
  end
88
105
 
89
- def write(contents) # the new configuration
106
+ def write_credentials(contents) # the new configuration
90
107
  ActiveSupport::EncryptedConfiguration.new(
91
108
  config_path: credentials_path,
92
109
  key_path: key_path,
@@ -94,5 +111,10 @@ module RailsKeyRotator
94
111
  raise_if_missing_key: true
95
112
  ).write(contents)
96
113
  end
114
+
115
+ def write_key
116
+ say "Writing #{new_key} to #{key_path}"
117
+ File.write(key_path, new_key)
118
+ end
97
119
  end
98
120
  end
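Review bot: `write_key` echoes the new master key to stdout (`say "Writing #{new_key} to #{key_path}"`), and the `PROCEDURE` heredoc in `rotate` prints it a second time, so the key ends up in CI logs, shell scrollback and any recording of the rake run. Log only the destination, `say "Writing new key to #{key_path}"`, and point the operator at the key file for the value. `File.write(key_path, new_key)` also creates the file with whatever the process umask allows; `File.write(key_path, new_key, perm: 0o600)` keeps it owner-only. Separately, `backup_file` leaves the previous key at `#{key_path}.bak-<date>`, a name that a `*.key` ignore pattern would not match, so a comment or README line telling users to keep that backup out of version control is worth adding.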
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rails_key_rotator
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.1
4
+ version: 0.2.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Leon Berenschot
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2023-10-15 00:00:00.000000000 Z
11
+ date: 2023-10-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport