secure_credentials 0.2.2 → 0.2.3

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/lib/secure_credentials.rb +0 -11
  4. data/lib/secure_credentials/encrypted_file.rb +5 -14
  5. data/lib/secure_credentials/rails/application_methods.rb +2 -0
  6. data/lib/secure_credentials/store.rb +22 -5
  7. data/lib/secure_credentials/version.rb +1 -1
  8. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: baefe8bdd2471d662ae34de970a0407e784ea6305cdb0ed4f8325a5743fecc44
4
- data.tar.gz: e1a11e5de1a3b6c9e5d9612d28e23189bcb3bfd7250b9e2fb09a2993e9a69781
3
+ metadata.gz: d2476d0c44a0cb5df3796eef53a98a2e45863aacd1835ed0c4bf2e2aeb04f370
4
+ data.tar.gz: c9a7ea3212f40ed7ac59bfbae2a93bd2f97221807ccd1f389c9913eca3679d65
5
5
  SHA512:
6
- metadata.gz: f1cdd618b4381eea588ed2703c8b347685d4cf369853e1716fe3f1ad91048898a50571823f3d948ec2ae8b078609e854596393e7f7747e2d7696cdf1edc43c1e
7
- data.tar.gz: 494164b9046a187d753380daba71f72038616edbd363226e9e0e91948023b4b84144f7b839a29e2c3094c48b9cd024df616530fccf74d52eecd61547cd8ddfd1
6
+ metadata.gz: e0b99b7e6728a0f665bd9e13363f8b35c643df8b2632e646d472e1a8e0fa7e6dd3e5523a91bc6888f89e2ce41cc8189cdf0c6bcbd74b999df211706942fcc9b6
7
+ data.tar.gz: 85e319bdde06ec3db186f72825e12cae6f7c59ae6a922049abdbdae030ff05dfd0ea949d24461e6dfd6c5359ec2cfe3ffa59ec4e5bfa8319a09e4007c680c695
data/CHANGELOG.md CHANGED
@@ -1,3 +1,8 @@
1
+ # Unreleased
2
+
3
+ # 0.2.3
4
+ - Fix using explicit `key_path` when different `master.key` exists.
5
+
1
6
  # 0.2.2
2
7
  - Backport encrypted:edit for Rails 5.1.
3
8
 
data/lib/secure_credentials.rb CHANGED
@@ -6,17 +6,6 @@ require 'secure_credentials/version'
6
6
  # is to help you to avoid it.
7
7
  module SecureCredentials
8
8
  class FileNotFound < StandardError; end
9
-
10
- module_function
11
-
12
- attr_writer :master_key
13
-
14
- def master_key
15
- return @master_key if @master_key
16
- return unless defined?(::Rails)
17
- key_path = ::Rails.root.join('config/master.key')
18
- key_path.binread.strip if key_path.exist?
19
- end
20
9
  end
21
10
 
22
11
  require 'secure_credentials/store'
data/lib/secure_credentials/encrypted_file.rb CHANGED
@@ -6,28 +6,19 @@ rescue LoadError
6
6
  end
7
7
 
8
8
  module SecureCredentials
9
- # Wraps ActiveSupport::EncryptedFile and provides passing key as an argument.
10
- # Automatically generates missing key filenames based on store filename.
9
+ # Wraps ActiveSupport::EncryptedFile to accept key as an argument.
11
10
  class EncryptedFile < ActiveSupport::EncryptedFile
12
- class << self
13
- # Same file name but with `.key` extension instead of `.enc`.
14
- def default_key_path_for(filename)
15
- filename.sub_ext('.key')
16
- end
17
- end
18
-
19
- def initialize(path, key = nil, key_path: nil, env_key: nil)
11
+ def initialize(key: nil, key_path: nil, env_key: nil, **options)
20
12
  @key = key
21
13
  super(
22
- content_path: path,
23
- key_path: key_path || self.class.default_key_path_for(path),
14
+ **options,
24
15
  env_key: env_key,
25
- raise_if_missing_key: true,
16
+ key_path: key_path || key && '' # original implementation does not accept nil
26
17
  )
27
18
  end
28
19
 
29
20
  def key
30
- @key || read_env_key || read_key_file || SecureCredentials.master_key || handle_missing_key
21
+ @key || super
31
22
  end
32
23
  end
33
24
  end
data/lib/secure_credentials/rails/application_methods.rb CHANGED
@@ -15,6 +15,8 @@ module SecureCredentials
15
15
  end
16
16
 
17
17
  def read_secure_credentials(path, key_path: nil, **options)
18
+ # Unlike Rails we don't provide default value for key_path
19
+ # to be able to generate it based on path.
18
20
  key_path &&= ::Rails.root.join(key_path)
19
21
  store = Store.new(::Rails.root.join(path), key_path: key_path, env: ::Rails.env, **options)
20
22
  Credentials.new(store)
data/lib/secure_credentials/store.rb CHANGED
@@ -33,10 +33,13 @@ module SecureCredentials
33
33
  # Finds the most appropriate existing file for given path and env.
34
34
  # Returns `[environmental?, encrypted?, filename]`.
35
35
  def detect_filename(path, env)
36
- stub_ext_path = Pathname.new("#{path}.stub")
37
- if path.basename.to_s.include?('.yml')
36
+ # Backward compatibility with original Rails implementation:
37
+ # if filename is given with extension then we don't try to detect
38
+ # environmental and/or encrypted variant.
39
+ if path.basename.to_s =~ /\.yml(\.enc)?\z/i
38
40
  [false, path.basename.to_s.end_with?('.enc'), path]
39
41
  else
42
+ stub_ext_path = Pathname.new("#{path}.stub")
40
43
  [
41
44
  [true, true, stub_ext_path.sub_ext(".#{env}.yml.enc")],
42
45
  [true, false, stub_ext_path.sub_ext(".#{env}.yml")],
@@ -46,6 +49,14 @@ module SecureCredentials
46
49
  end
47
50
  end
48
51
 
52
+ # Looks for key file for given path replacing `.yml.enc` with `.key`.
53
+ # It falls back to `config/master.key` in Rails app if file does not exist.
54
+ def detect_key_path_for(path)
55
+ return unless path.to_s.end_with?('.yml.enc')
56
+ key_path = path.sub_ext('').sub_ext('.key')
57
+ key_path.exist? || !defined?(::Rails) ? key_path : ::Rails.root.join('config/master.key')
58
+ end
59
+
49
60
  def env_key_for(path)
50
61
  "#{path.basename.to_s.upcase}_KEY"
51
62
  end
@@ -60,12 +71,12 @@ module SecureCredentials
60
71
  alias_method :environmental?, :environmental
61
72
  alias_method :encrypted?, :encrypted
62
73
 
63
- def initialize(path, key = nil, env: nil, key_path: nil, env_key: nil)
74
+ def initialize(path, env: nil, key: nil, key_path: nil, env_key: nil)
64
75
  @path = path = Pathname.new(path)
65
76
  @env = env
66
77
  @environmental, @encrypted, @filename = self.class.detect_filename(path, env)
67
78
  @key = key
68
- @key_path = key_path || filename && filename.sub_ext('').sub_ext('.key')
79
+ @key_path = key_path || self.class.detect_key_path_for(filename)
69
80
  @env_key = env_key || self.class.env_key_for(path)
70
81
  end
71
82
 
@@ -107,7 +118,13 @@ module SecureCredentials
107
118
  end
108
119
 
109
120
  def encrypted_file
110
- EncryptedFile.new(filename, key, key_path: key_path, env_key: env_key)
121
+ EncryptedFile.new(
122
+ content_path: filename,
123
+ key: key,
124
+ key_path: key_path,
125
+ env_key: env_key,
126
+ raise_if_missing_key: true
127
+ )
111
128
  end
112
129
  end
113
130
  end
data/lib/secure_credentials/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module SecureCredentials
2
- VERSION = '0.2.2'.freeze
2
+ VERSION = '0.2.3'.freeze
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: secure_credentials
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.2
4
+ version: 0.2.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Max Melentiev
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-03-22 00:00:00.000000000 Z
11
+ date: 2019-12-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport