secure_credentials 0.2.1 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3f105345f86816004375c9c6aec5e6d48330f14768e4da243f0f0edf0894341b
-  data.tar.gz: c0a64940f0b7d72c8f338797dc4d35dd1493c88f8fdb2abd733ba6d7bb152947
+  metadata.gz: baefe8bdd2471d662ae34de970a0407e784ea6305cdb0ed4f8325a5743fecc44
+  data.tar.gz: e1a11e5de1a3b6c9e5d9612d28e23189bcb3bfd7250b9e2fb09a2993e9a69781
 SHA512:
-  metadata.gz: 36475092d3f12f08d1ab749694318bafe52c88a84b873149ab51fe3e13eaddd8dea317d1c05d541ec58a692a9c984d63a33cfe01c6094f64bc1484f71f265760
-  data.tar.gz: 6234c6c383e3ceff2c6db4f502e11a2325d7d61c8b1511588205d50f5750bbd90ebc26da5f0d631d7b67bc7aca246914abce0a0cecf0e9dc7a0873676fcecd74
+  metadata.gz: f1cdd618b4381eea588ed2703c8b347685d4cf369853e1716fe3f1ad91048898a50571823f3d948ec2ae8b078609e854596393e7f7747e2d7696cdf1edc43c1e
+  data.tar.gz: 494164b9046a187d753380daba71f72038616edbd363226e9e0e91948023b4b84144f7b839a29e2c3094c48b9cd024df616530fccf74d52eecd61547cd8ddfd1

data/CHANGELOG.md

@@ -1,3 +1,6 @@
+# 0.2.2
+- Backport encrypted:edit for Rails 5.1.
+
 # 0.2.1
 - Rails 5.1 support.
 

data/lib/rails/commands/encrypted_command.rb

@@ -0,0 +1,201 @@
+# Backport of encrypted:edit command from Rails 5.2 to Rails 5.1.
+
+if Gem::Version.new(ActiveSupport::VERSION::STRING) >= Gem::Version.new('5.2')
+  raise 'This file should not be required with your rails version. Please file an issue.'
+end
+
+# rubocop:disable all
+
+module Rails
+  module Command
+    module Helpers
+      module Editor
+        private
+          def ensure_editor_available(command:)
+            if ENV["EDITOR"].to_s.empty?
+              say "No $EDITOR to open file in. Assign one like this:"
+              say ""
+              say %(EDITOR="mate --wait" #{command})
+              say ""
+              say "For editors that fork and exit immediately, it's important to pass a wait flag,"
+              say "otherwise the credentials will be saved immediately with no chance to edit."
+
+              false
+            else
+              true
+            end
+          end
+
+          def catch_editing_exceptions
+            yield
+          rescue Interrupt
+            say "Aborted changing file: nothing saved."
+          rescue ActiveSupport::EncryptedFile::MissingKeyError => error
+            say error.message
+          end
+      end
+    end
+  end
+end
+
+module Rails
+  module Command
+    class EncryptedCommand < Rails::Command::Base # :nodoc:
+      include Helpers::Editor
+
+      class_option :key, aliases: "-k", type: :string,
+        default: "config/master.key", desc: "The Rails.root relative path to the encryption key"
+
+      no_commands do
+        def help
+          say "Usage:\n  #{self.class.banner}"
+          say ""
+        end
+      end
+
+      def edit(file_path)
+        require_application_and_environment!
+        encrypted = Rails.application.encrypted(file_path, key_path: options[:key])
+
+        ensure_editor_available(command: "bin/rails encrypted:edit") || (return)
+        ensure_encryption_key_has_been_added(options[:key]) if encrypted.key.nil?
+        ensure_encrypted_file_has_been_added(file_path, options[:key])
+
+        catch_editing_exceptions do
+          change_encrypted_file_in_system_editor(file_path, options[:key])
+        end
+
+        say "File encrypted and saved."
+      rescue ActiveSupport::MessageEncryptor::InvalidMessage
+        say "Couldn't decrypt #{file_path}. Perhaps you passed the wrong key?"
+      end
+
+      def show(file_path)
+        require_application_and_environment!
+        encrypted = Rails.application.encrypted(file_path, key_path: options[:key])
+
+        say encrypted.read.presence || missing_encrypted_message(key: encrypted.key, key_path: options[:key], file_path: file_path)
+      end
+
+      private
+        def ensure_encryption_key_has_been_added(key_path)
+          encryption_key_file_generator.add_key_file(key_path)
+          encryption_key_file_generator.ignore_key_file(key_path)
+        end
+
+        def ensure_encrypted_file_has_been_added(file_path, key_path)
+          encrypted_file_generator.add_encrypted_file_silently(file_path, key_path)
+        end
+
+        def change_encrypted_file_in_system_editor(file_path, key_path)
+          Rails.application.encrypted(file_path, key_path: key_path).change do |tmp_path|
+            system("#{ENV["EDITOR"]} #{tmp_path}")
+          end
+        end
+
+
+        def encryption_key_file_generator
+          require "rails/generators"
+          # require "rails/generators/rails/encryption_key_file/encryption_key_file_generator"
+
+          Rails::Generators::EncryptionKeyFileGenerator.new
+        end
+
+        def encrypted_file_generator
+          require "rails/generators"
+          # require "rails/generators/rails/encrypted_file/encrypted_file_generator"
+
+          Rails::Generators::EncryptedFileGenerator.new
+        end
+
+        def missing_encrypted_message(key:, key_path:, file_path:)
+          if key.nil?
+            "Missing '#{key_path}' to decrypt data. See bin/rails encrypted:help"
+          else
+            "File '#{file_path}' does not exist. Use bin/rails encrypted:edit #{file_path} to change that."
+          end
+        end
+    end
+  end
+end
+
+require "rails/generators"
+require "rails/generators/base"
+
+module Rails
+  module Generators
+    class EncryptedFileGenerator < Base # :nodoc:
+      def add_encrypted_file_silently(file_path, key_path, template = encrypted_file_template)
+        unless File.exist?(file_path)
+          setup = { content_path: file_path, key_path: key_path, env_key: "RAILS_MASTER_KEY", raise_if_missing_key: true }
+          ActiveSupport::EncryptedFile.new(setup).write(template)
+        end
+      end
+
+      private
+        def encrypted_file_template
+          <<-YAML.strip_heredoc
+          # aws:
+          #   access_key_id: 123
+          #   secret_access_key: 345
+
+          YAML
+        end
+    end
+  end
+end
+
+module Rails
+  module Generators
+    class EncryptionKeyFileGenerator < Base # :nodoc:
+      def add_key_file(key_path)
+        key_path = Pathname.new(key_path)
+
+        unless key_path.exist?
+          key = ActiveSupport::EncryptedFile.generate_key
+
+          log "Adding #{key_path} to store the encryption key: #{key}"
+          log ""
+          log "Save this in a password manager your team can access."
+          log ""
+          log "If you lose the key, no one, including you, can access anything encrypted with it."
+
+          log ""
+          add_key_file_silently(key_path, key)
+          log ""
+        end
+      end
+
+      def add_key_file_silently(key_path, key = nil)
+        create_file key_path, key || ActiveSupport::EncryptedFile.generate_key
+        key_path.chmod 0600
+      end
+
+      def ignore_key_file(key_path, ignore: key_ignore(key_path))
+        if File.exist?(".gitignore")
+          unless File.read(".gitignore").include?(ignore)
+            log "Ignoring #{key_path} so it won't end up in Git history:"
+            log ""
+            append_to_file ".gitignore", ignore
+            log ""
+          end
+        else
+          log "IMPORTANT: Don't commit #{key_path}. Add this to your ignore file:"
+          log ignore, :on_green
+          log ""
+        end
+      end
+
+      def ignore_key_file_silently(key_path, ignore: key_ignore(key_path))
+        append_to_file ".gitignore", ignore if File.exist?(".gitignore")
+      end
+
+      private
+        def key_ignore(key_path)
+          [ "", "/#{key_path}", "" ].join("\n")
+        end
+    end
+  end
+end
+
+# rubocop:enable all

data/lib/secure_credentials/version.rb

@@ -1,3 +1,3 @@
 module SecureCredentials
-  VERSION = '0.2.1'.freeze
+  VERSION = '0.2.2'.freeze
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: secure_credentials
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.2.2
 platform: ruby
 authors:
 - Max Melentiev
@@ -75,6 +75,7 @@ files:
 - bin/setup
 - gemfiles/rails_5.1.gemfile
 - gemfiles/rails_5.2.gemfile
+- lib/rails/commands/encrypted_command.rb
 - lib/secure_credentials.rb
 - lib/secure_credentials/active_support/encrypted_file.rb
 - lib/secure_credentials/credentials.rb