secure_credentials 0.2.2 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/lib/secure_credentials.rb +0 -11
  4. data/lib/secure_credentials/encrypted_file.rb +5 -14
  5. data/lib/secure_credentials/rails/application_methods.rb +2 -0
  6. data/lib/secure_credentials/store.rb +22 -5
  7. data/lib/secure_credentials/version.rb +1 -1
  8. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: baefe8bdd2471d662ae34de970a0407e784ea6305cdb0ed4f8325a5743fecc44
4
- data.tar.gz: e1a11e5de1a3b6c9e5d9612d28e23189bcb3bfd7250b9e2fb09a2993e9a69781
3
+ metadata.gz: d2476d0c44a0cb5df3796eef53a98a2e45863aacd1835ed0c4bf2e2aeb04f370
4
+ data.tar.gz: c9a7ea3212f40ed7ac59bfbae2a93bd2f97221807ccd1f389c9913eca3679d65
5
5
  SHA512:
6
- metadata.gz: f1cdd618b4381eea588ed2703c8b347685d4cf369853e1716fe3f1ad91048898a50571823f3d948ec2ae8b078609e854596393e7f7747e2d7696cdf1edc43c1e
7
- data.tar.gz: 494164b9046a187d753380daba71f72038616edbd363226e9e0e91948023b4b84144f7b839a29e2c3094c48b9cd024df616530fccf74d52eecd61547cd8ddfd1
6
+ metadata.gz: e0b99b7e6728a0f665bd9e13363f8b35c643df8b2632e646d472e1a8e0fa7e6dd3e5523a91bc6888f89e2ce41cc8189cdf0c6bcbd74b999df211706942fcc9b6
7
+ data.tar.gz: 85e319bdde06ec3db186f72825e12cae6f7c59ae6a922049abdbdae030ff05dfd0ea949d24461e6dfd6c5359ec2cfe3ffa59ec4e5bfa8319a09e4007c680c695
data/CHANGELOG.md CHANGED
@@ -1,3 +1,8 @@
1
+ # Unreleased
2
+
3
+ # 0.2.3
4
+ - Fix using explicit `key_path` when different `master.key` exists.
5
+
1
6
  # 0.2.2
2
7
  - Backport encrypted:edit for Rails 5.1.
3
8
 
data/lib/secure_credentials.rb CHANGED
@@ -6,17 +6,6 @@ require 'secure_credentials/version'
6
6
  # is to help you to avoid it.
7
7
  module SecureCredentials
8
8
  class FileNotFound < StandardError; end
9
-
10
- module_function
11
-
12
- attr_writer :master_key
13
-
14
- def master_key
15
- return @master_key if @master_key
16
- return unless defined?(::Rails)
17
- key_path = ::Rails.root.join('config/master.key')
18
- key_path.binread.strip if key_path.exist?
19
- end
20
9
  end
21
10
 
22
11
  require 'secure_credentials/store'
data/lib/secure_credentials/encrypted_file.rb CHANGED
@@ -6,28 +6,19 @@ rescue LoadError
6
6
  end
7
7
 
8
8
  module SecureCredentials
9
- # Wraps ActiveSupport::EncryptedFile and provides passing key as an argument.
10
- # Automatically generates missing key filenames based on store filename.
9
+ # Wraps ActiveSupport::EncryptedFile to accept key as an argument.
11
10
  class EncryptedFile < ActiveSupport::EncryptedFile
12
- class << self
13
- # Same file name but with `.key` extension instead of `.enc`.
14
- def default_key_path_for(filename)
15
- filename.sub_ext('.key')
16
- end
17
- end
18
-
19
- def initialize(path, key = nil, key_path: nil, env_key: nil)
11
+ def initialize(key: nil, key_path: nil, env_key: nil, **options)
20
12
  @key = key
21
13
  super(
22
- content_path: path,
23
- key_path: key_path || self.class.default_key_path_for(path),
14
+ **options,
24
15
  env_key: env_key,
25
- raise_if_missing_key: true,
16
+ key_path: key_path || key && '' # original implementation does not accept nil
26
17
  )
27
18
  end
28
19
 
29
20
  def key
30
- @key || read_env_key || read_key_file || SecureCredentials.master_key || handle_missing_key
21
+ @key || super
31
22
  end
32
23
  end
33
24
  end
data/lib/secure_credentials/rails/application_methods.rb CHANGED
@@ -15,6 +15,8 @@ module SecureCredentials
15
15
  end
16
16
 
17
17
  def read_secure_credentials(path, key_path: nil, **options)
18
+ # Unlike Rails we don't provide default value for key_path
19
+ # to be able to generate it based on path.
18
20
  key_path &&= ::Rails.root.join(key_path)
19
21
  store = Store.new(::Rails.root.join(path), key_path: key_path, env: ::Rails.env, **options)
20
22
  Credentials.new(store)
data/lib/secure_credentials/store.rb CHANGED
@@ -33,10 +33,13 @@ module SecureCredentials
33
33
  # Finds the most appropriate existing file for given path and env.
34
34
  # Returns `[environmental?, encrypted?, filename]`.
35
35
  def detect_filename(path, env)
36
- stub_ext_path = Pathname.new("#{path}.stub")
37
- if path.basename.to_s.include?('.yml')
36
+ # Backward compatibility with original Rails implementation:
37
+ # if filename is given with extension then we don't try to detect
38
+ # environmental and/or encrypted variant.
39
+ if path.basename.to_s =~ /\.yml(\.enc)?\z/i
38
40
  [false, path.basename.to_s.end_with?('.enc'), path]
39
41
  else
42
+ stub_ext_path = Pathname.new("#{path}.stub")
40
43
  [
41
44
  [true, true, stub_ext_path.sub_ext(".#{env}.yml.enc")],
42
45
  [true, false, stub_ext_path.sub_ext(".#{env}.yml")],
@@ -46,6 +49,14 @@ module SecureCredentials
46
49
  end
47
50
  end
48
51
 
52
+ # Looks for key file for given path replacing `.yml.enc` with `.key`.
53
+ # It falls back to `config/master.key` in Rails app if file does not exist.
54
+ def detect_key_path_for(path)
55
+ return unless path.to_s.end_with?('.yml.enc')
56
+ key_path = path.sub_ext('').sub_ext('.key')
57
+ key_path.exist? || !defined?(::Rails) ? key_path : ::Rails.root.join('config/master.key')
58
+ end
59
+
49
60
  def env_key_for(path)
50
61
  "#{path.basename.to_s.upcase}_KEY"
51
62
  end
@@ -60,12 +71,12 @@ module SecureCredentials
60
71
  alias_method :environmental?, :environmental
61
72
  alias_method :encrypted?, :encrypted
62
73
 
63
- def initialize(path, key = nil, env: nil, key_path: nil, env_key: nil)
74
+ def initialize(path, env: nil, key: nil, key_path: nil, env_key: nil)
64
75
  @path = path = Pathname.new(path)
65
76
  @env = env
66
77
  @environmental, @encrypted, @filename = self.class.detect_filename(path, env)
67
78
  @key = key
68
- @key_path = key_path || filename && filename.sub_ext('').sub_ext('.key')
79
+ @key_path = key_path || self.class.detect_key_path_for(filename)
69
80
  @env_key = env_key || self.class.env_key_for(path)
70
81
  end
71
82
 
@@ -107,7 +118,13 @@ module SecureCredentials
107
118
  end
108
119
 
109
120
  def encrypted_file
110
- EncryptedFile.new(filename, key, key_path: key_path, env_key: env_key)
121
+ EncryptedFile.new(
122
+ content_path: filename,
123
+ key: key,
124
+ key_path: key_path,
125
+ env_key: env_key,
126
+ raise_if_missing_key: true
127
+ )
111
128
  end
112
129
  end
113
130
  end
data/lib/secure_credentials/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module SecureCredentials
2
- VERSION = '0.2.2'.freeze
2
+ VERSION = '0.2.3'.freeze
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: secure_credentials
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.2
4
+ version: 0.2.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Max Melentiev
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-03-22 00:00:00.000000000 Z
11
+ date: 2019-12-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport