secvault 1.0.3 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1feb00404603d98e5aa714c5d3eeeab9821c16922da68196b394166c96180869
-  data.tar.gz: 1d1b3c9db92ab5eae322e3803294eb689f81064a8625f16ea2d24d78bbdafc9d
+  metadata.gz: 99d7d1404f42246f62cbc8349ab689b43e8f24fa0ea52dd0e10910dee9615dcc
+  data.tar.gz: 4453d7ebce5a81e9e5fe0ed1dcd0df410a442ff669dd8dde02c15c3db3209a2e
 SHA512:
-  metadata.gz: f74172837da3d461a3022574678b79ff322afb0cfa87bab3f5c09ddac4d5eff508fa573b67fe15571122c93ec62611f23405117ec2e33092fe1d61a1ad615ab1
-  data.tar.gz: 353b087160697768744a51a1404bf30f2c8b1e7ca22e9d95c833088b003a44fb0e897f03f57dd1df780c193e2f8c81b0a5b41323a23d2ea10730de1599cad817
+  metadata.gz: c11facd4f7abd26f8ecc9bbccabf0ede865210e220a944aee8e4640cd7851237db2c3bebeba2bc9ddee96a5fe52fa70c324f9b3f5aee4e9a09378ebf2703c91a
+  data.tar.gz: f01237875bb61dac4a8e145adeb05c36813937f72a9d4af85c3ae6e5069c02e0df9efd4df7e1f30dee9263fc69543eb04ebbb2a6998b29a30fbced84702ada90

data/CHANGELOG.md

@@ -1,5 +1,88 @@
 ## [Unreleased]
 
+## [2.0.0] - 2025-09-22
+
+### BREAKING CHANGES
+
+- **Removed all encryption functionality** - Secvault now focuses purely on plain YAML secrets management
+- Removed ActiveSupport::EncryptedFile dependencies
+- Removed MissingKeyError and InvalidKeyError exceptions
+- Removed `encrypted?`, `decrypt`, `decrypt_secrets` methods
+- Simplified rake tasks to work with plain YAML only
+
+### Added
+
+- Simplified `rake secvault:setup` that creates plain YAML files with helpful comments
+- Better error messages and user guidance in rake tasks
+- Cleaner, more focused codebase without encryption complexity
+
+### Changed
+
+- **Major simplification**: All secrets are now stored in plain YAML files
+- Updated README to reflect plain YAML approach
+- Updated module documentation and gemspec descriptions
+- Rake tasks now use emojis and better user experience
+- Production secrets should use ERB syntax with environment variables
+
+### Benefits
+
+- Much simpler gem with single focus: plain YAML secrets management
+- No encryption keys to manage or lose
+- Easy to understand, edit, and debug secrets files
+- Perfect for development and test environments
+- Production secrets via environment variables (recommended best practice)
+
+## [1.0.4] - 2025-09-22
+
+### Added
+
+- Comprehensive Rails 7.1 integration support
+- New `Secvault.setup_rails_71_integration!` helper method for easy Rails 7.1 setup
+- Enhanced documentation with Rails 7.1 integration guide
+- Module-level documentation with usage examples and version compatibility
+
+### Improved
+
+- Better Rails 7.1 compatibility with automatic detection and setup
+- Enhanced README with Rails 7.1 integration section
+- Improved error handling and logging for Rails 7.1 integration
+- More comprehensive inline documentation
+
+### Changed
+
+- Refined automatic setup logic to avoid conflicts with Rails 7.1 native functionality
+- Updated gemspec description to include Rails 7.1+ support
+
+## [1.0.3] - 2025-09-22
+
+### Fixed
+
+- Rails 7.1 compatibility issues with native Rails::Secrets conflicts
+- String path handling in parse method
+- Zeitwerk constant name mismatch resolution
+
+### Added
+
+- Manual setup method for Rails 7.1 (opt-in)
+- Rails version detection for automatic setup decisions
+- Only create Rails::Secrets alias for Rails 7.2+ to avoid conflicts
+
+## [1.0.2] - 2025-09-22
+
+### Changed
+
+- Updated Rails dependency from >= 7.2.0 to >= 7.1.0 for broader compatibility
+- Updated gem description to include Rails 7.1+ support
+
+## [1.0.1] - 2025-09-22
+
+### Fixed
+
+- Zeitwerk constant name mismatch in rails_secrets.rb
+- Changed module definition from Rails::Secrets to Secvault::RailsSecrets
+- Added Rails::Secrets alias for backward compatibility
+- Resolved Zeitwerk::NameError when loading Rails applications
+
 ## [1.0.0] - 2025-09-22
 
 ### Added

data/README.md

@@ -1,209 +1,87 @@
 # Secvault
 
-**Secvault** restores the classic Rails `secrets.yml` functionality that was removed in Rails 7.2, allowing you to manage encrypted secrets using the familiar YAML-based approach.
+Restores the classic Rails `secrets.yml` functionality that was removed in Rails 7.2. Uses simple, plain YAML files for environment-specific secrets management.
 
-## Why Secvault?
-
-Rails 7.2 removed the `secrets.yml` functionality completely in favor of credentials. However, many teams prefer the simplicity and familiarity of `secrets.yml` for managing environment-specific secrets. Secvault brings this functionality back with modern encryption support.
-
-## Features
-
-- 🔐 **Encrypted secrets.yml** - Uses Rails' built-in encryption system
-- 🔑 **Key management** - Secure key generation and management
-- 🌍 **Environment-specific** - Different secrets for development, test, and production
-- 📝 **ERB support** - Use ERB templates in your secrets files
-- 🛠️ **Rake tasks** - Easy management with built-in rake tasks
-- 🚀 **Rails 7.2+ compatible** - Works seamlessly with modern Rails
+**Rails Version Support:**
+- **Rails 7.1**: Manual setup (see Rails 7.1 Integration below)
+- **Rails 7.2+**: Automatic setup
+- **Rails 8.0+**: Full compatibility
 
 ## Installation
 
-Add this line to your application's Gemfile:
-
 ```ruby
+# Gemfile
 gem 'secvault'
 ```
 
-And then execute:
-
-```bash
-$ bundle install
-```
-
-## Setup
-
-### 1. Generate secrets file
-
-Run the setup task to create your encrypted `secrets.yml`:
-
-```bash
-$ rake secvault:setup
-```
-
-This will:
-- Generate `config/secrets.yml.key` (keep this secure!)
-- Create an encrypted `config/secrets.yml` with default content
-- Remind you to add the key file to `.gitignore`
-
-Alternatively, use the Rails generator:
-
-```bash
-$ rails generate secvault:secrets
-```
-
-### 2. Add key to .gitignore
-
-Ensure your encryption key is not committed to version control:
-
 ```bash
-echo "/config/secrets.yml.key" >> .gitignore
+bundle install
 ```
 
-## Usage
-
-### Editing secrets
-
-Edit your encrypted secrets file:
+## Quick Start (Rails 7.2+)
 
 ```bash
-$ rake secvault:edit
-```
-
-This opens the decrypted file in your `$EDITOR`.
-
-### Viewing secrets
-
-View the decrypted content:
+# 1. Create secrets.yml with rake task
+rake secvault:setup
 
-```bash
-$ rake secvault:show
+# 2. Edit secrets
+rake secvault:edit
 ```
 
-### Accessing secrets in your application
-
-Secrets are automatically loaded into `Rails.application.secrets`:
-
+**Usage in your app:**
 ```ruby
-# In your Rails application
-Rails.application.secrets.secret_key_base
 Rails.application.secrets.api_key
 Rails.application.secrets.database_password
 ```
 
-### Example secrets.yml structure
-
+**Example secrets.yml:**
 ```yaml
-# config/secrets.yml (encrypted)
 development:
-  secret_key_base: your_development_secret
-  api_key: dev_api_key
+  api_key: dev_key
   database_password: dev_password
 
-test:
-  secret_key_base: your_test_secret
-  api_key: test_api_key
-  database_password: test_password
-
 production:
-  secret_key_base: <%= ENV['SECRET_KEY_BASE'] %>
   api_key: <%= ENV['API_KEY'] %>
   database_password: <%= ENV['DATABASE_PASSWORD'] %>
 ```
 
-### Environment variable fallback
-
-You can set the encryption key via environment variable:
-
-```bash
-export RAILS_SECRETS_KEY=your_encryption_key
-```
-
-## Production Deployment
-
-### Option 1: Environment Variable
-
-Set the encryption key as an environment variable:
-
-```bash
-export RAILS_SECRETS_KEY=your_encryption_key
-```
-
-### Option 2: Key File
-
-Securely copy `config/secrets.yml.key` to your production server.
-
-### Docker
-
-For Docker deployments, you can pass the key as an environment variable:
-
-```dockerfile
-ENV RAILS_SECRETS_KEY=your_encryption_key
+**Production:** Use environment variables in your YAML:
+```yaml
+production:
+  api_key: <%= ENV['API_KEY'] %>
 ```
 
-## Rake Tasks
-
-| Task | Description |
-|------|-------------|
-| `rake secvault:setup` | Create encrypted secrets.yml and key |
-| `rake secvault:edit` | Edit the encrypted secrets file |
-| `rake secvault:show` | Display decrypted secrets content |
-
-## Migration from Rails < 7.2
-
-If you're upgrading from an older Rails version that had `secrets.yml`:
-
-1. Install secvault: `bundle add secvault`
-2. Encrypt existing secrets: `rake secvault:setup`
-3. Copy your existing secrets content using `rake secvault:edit`
-4. Remove the old plain-text `config/secrets.yml`
+## Rails 7.1 Integration
 
-## Security Best Practices
+Test Secvault in Rails 7.1 before upgrading to 7.2+:
 
-- ✅ **Never commit** `config/secrets.yml.key` to version control
-- ✅ **Use environment variables** for production secrets when possible  
-- ✅ **Rotate keys** periodically
-- ✅ **Use strong, unique keys** for each environment
-- ✅ **Limit access** to key files in production
-
-## Troubleshooting
-
-### Missing Key Error
-
-```
-Missing encryption key to decrypt secrets.yml
+```ruby
+# config/initializers/secvault.rb
+Secvault.setup_rails_71_integration!
 ```
 
-**Solution**: Ensure `config/secrets.yml.key` exists or set `RAILS_SECRETS_KEY` environment variable.
+This replaces Rails.application.secrets with Secvault functionality. Your existing Rails 7.1 code works unchanged:
 
-### Invalid Key Error
-
-```
-Invalid encryption key for secrets.yml
+```ruby
+Rails.application.secrets.api_key          # ✅ Works
+Rails.application.secrets.oauth_settings   # ✅ Works
+Rails::Secrets.parse_default               # ✅ Enhanced functionality
 ```
 
-**Solution**: The key doesn't match the encrypted file. Verify you're using the correct key.
-
-### File Not Found
+## Available Commands
 
+```bash
+rake secvault:setup    # Create plain secrets.yml file
+rake secvault:edit     # Edit secrets.yml file
+rake secvault:show     # Display secrets.yml content
 ```
-Secrets file doesn't exist
-```
-
-**Solution**: Run `rake secvault:setup` to create the secrets file.
-
-## Development
 
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests.
+## Security
 
-To install this gem onto your local machine, run `bundle exec rake install`.
-
-## Contributing
-
-Bug reports and pull requests are welcome on GitHub at https://github.com/unnitallman/secvault.
+⚠️ Never commit production secrets to version control  
+✅ Use environment variables for production secrets with ERB syntax: `<%= ENV['SECRET'] %>`  
+✅ Add `config/secrets.yml` to `.gitignore` if it contains sensitive data
 
 ## License
 
-The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
-
-## Code of Conduct
-
-Everyone interacting in the Secvault project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/secvault/blob/main/CODE_OF_CONDUCT.md).
+MIT License - see [LICENSE](https://opensource.org/licenses/MIT)

data/lib/secvault/secrets.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-require "active_support/encrypted_file"
 require "active_support/core_ext/hash/keys"
-require "active_support/core_ext/object/blank"
 require "active_support/ordered_options"
 require "pathname"
 require "erb"
@@ -16,20 +14,19 @@ module Secvault
         return unless rails_7_2_or_later?
         
         secrets_path = app.root.join("config/secrets.yml")
-        key_path = app.root.join("config/secrets.yml.key")
 
         if secrets_path.exist?
           # Use a more reliable approach that works in all environments
           app.config.before_configuration do
             current_env = ENV['RAILS_ENV'] || Rails.env || 'development'
-            setup_secrets_immediately(app, secrets_path, key_path, current_env)
+            setup_secrets_immediately(app, secrets_path, current_env)
           end
           
           # Also try during to_prepare as a fallback
           app.config.to_prepare do
             current_env = Rails.env
             unless Rails.application.respond_to?(:secrets) && !Rails.application.secrets.empty?
-              setup_secrets_immediately(app, secrets_path, key_path, current_env)
+              setup_secrets_immediately(app, secrets_path, current_env)
             end
           end
         end
@@ -38,19 +35,18 @@ module Secvault
       # Manual setup method for Rails 7.1 (opt-in)
       def setup_for_rails_71!(app)
         secrets_path = app.root.join("config/secrets.yml")
-        key_path = app.root.join("config/secrets.yml.key")
 
         if secrets_path.exist?
           app.config.before_configuration do
             current_env = ENV['RAILS_ENV'] || Rails.env || 'development'
-            setup_secrets_immediately(app, secrets_path, key_path, current_env)
+            setup_secrets_immediately(app, secrets_path, current_env)
           end
         end
       end
 
-      def setup_secrets_immediately(app, secrets_path, key_path, env)
+      def setup_secrets_immediately(app, secrets_path, env)
         # Set up secrets if they exist
-        secrets = read_secrets(secrets_path, key_path, env)
+        secrets = read_secrets(secrets_path, env)
         if secrets
           # Rails 8.0+ compatibility: Add secrets accessor that initializes on first access
           unless Rails.application.respond_to?(:secrets)
@@ -58,7 +54,7 @@ module Secvault
               @secrets ||= begin
                 current_secrets = ActiveSupport::OrderedOptions.new
                 # Re-read secrets to ensure we have the right environment
-                env_secrets = Secvault::Secrets.read_secrets(secrets_path, key_path, Rails.env)
+                env_secrets = Secvault::Secrets.read_secrets(secrets_path, Rails.env)
                 current_secrets.merge!(env_secrets) if env_secrets
                 current_secrets
               end
@@ -73,19 +69,15 @@ module Secvault
       end
 
       # Classic Rails::Secrets.parse implementation
-      # Parses secrets files and merges shared + environment-specific sections
+      # Parses plain YAML secrets files and merges shared + environment-specific sections
       def parse(paths, env:)
         paths.each_with_object(Hash.new) do |path, all_secrets|
           # Handle string paths by converting to Pathname
           path = Pathname.new(path) unless path.respond_to?(:exist?)
           next unless path.exist?
           
-          # Read and process the file content (handle both encrypted and plain)
-          source = if encrypted?(path)
-            decrypt(path)
-          else
-            preprocess(path)
-          end
+          # Read and process the plain YAML file content
+          source = path.read
           
           # Process ERB and parse YAML
           erb_result = ERB.new(source).result
@@ -102,22 +94,12 @@ module Secvault
           all_secrets.merge!(secrets[env].deep_symbolize_keys) if secrets[env]
         end
       end
-      
-      # Helper method to preprocess plain YAML files (for ERB)
-      def preprocess(path)
-        path.read
-      end
 
-      def read_secrets(secrets_path, key_path, env)
+      def read_secrets(secrets_path, env)
         if secrets_path.exist?
-          all_secrets = if key_path.exist? || encrypted?(secrets_path)
-            # Handle encrypted secrets.yml
-            decrypt_secrets(secrets_path, key_path)
-          else
-            # Handle plain YAML secrets.yml
-            YAML.safe_load(ERB.new(secrets_path.read).result, aliases: true)
-          end
-
+          # Handle plain YAML secrets.yml only
+          all_secrets = YAML.safe_load(ERB.new(secrets_path.read).result, aliases: true)
+          
           env_secrets = all_secrets[env.to_s]
           return env_secrets.deep_symbolize_keys if env_secrets
         end
@@ -125,46 +107,7 @@ module Secvault
         {}
       end
 
-      def encrypted?(path)
-        # Simple heuristic to detect if file is encrypted
-        content = path.read
-        # Encrypted files typically contain non-printable characters
-        !content.valid_encoding? || content.bytes.any? { |b| b < 32 && b != 10 && b != 13 }
-      rescue
-        false
-      end
-
       private
-
-      def decrypt_secrets(secrets_path, key_path)
-        encrypted_file = ActiveSupport::EncryptedFile.new(
-          content_path: secrets_path,
-          key_path: key_path,
-          env_key: "RAILS_SECRETS_KEY",
-          raise_if_missing_key: true
-        )
-
-        content = encrypted_file.read
-        YAML.safe_load(ERB.new(content).result, aliases: true) if content.present?
-      rescue ActiveSupport::EncryptedFile::MissingKeyError
-        raise MissingKeyError,
-          "Missing encryption key to decrypt secrets.yml. " \
-          "Ask your team for your secrets key and put it in config/secrets.yml.key"
-      rescue ActiveSupport::EncryptedFile::InvalidMessage
-        raise InvalidKeyError,
-          "Invalid encryption key for secrets.yml."
-      end
-
-      def decrypt(path)
-        key_path = Pathname.new("#{path}.key")
-        encrypted_file = ActiveSupport::EncryptedFile.new(
-          content_path: path,
-          key_path: key_path,
-          env_key: "RAILS_SECRETS_KEY",
-          raise_if_missing_key: true
-        )
-        encrypted_file.read
-      end
       
       def rails_7_2_or_later?
         rails_version = Rails.version

data/lib/secvault/tasks.rake

@@ -1,135 +1,75 @@
 # frozen_string_literal: true
 
-require "active_support/encrypted_file"
 require "securerandom"
 
 namespace :secvault do
-  desc "Setup secrets.yml file (plain YAML by default)"
+  desc "Create a plain YAML secrets.yml file"
   task setup: :environment do
     secrets_path = Rails.root.join("config/secrets.yml")
-    key_path = Rails.root.join("config/secrets.yml.key")
-    encrypted = ENV["ENCRYPTED"] == "true"
 
     if secrets_path.exist?
       puts "Secrets file already exists at #{secrets_path}"
     else
       default_content = <<~YAML
-        # Be sure to restart your server when you modify this file.
+        # Plain YAML secrets file
+        # Environment-specific secrets for your Rails application
         #
-        # Your secret key is used for verifying the integrity of signed cookies.
-        # If you change this key, all old signed cookies will become invalid!
-        #
-        # Make sure the secret is at least 30 characters and all random,
-        # no regular words or you'll be exposed to dictionary attacks.
-        # You can use `rails secret` to generate a secure secret key.
+        # For production, use environment variables with ERB syntax:
+        # production:
+        #   api_key: <%= ENV['API_KEY'] %>
 
         development:
           secret_key_base: #{SecureRandom.hex(64)}
+          # Add your development secrets here
+          # api_key: dev_key
+          # database_password: dev_password
 
         test:
           secret_key_base: #{SecureRandom.hex(64)}
+          # Add your test secrets here
+          # api_key: test_key
 
-        # Do not keep production secrets in the repository,
-        # instead read values from the environment.
         production:
           secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
+          # Use environment variables for production secrets
+          # api_key: <%= ENV["API_KEY"] %>
+          # database_password: <%= ENV["DATABASE_PASSWORD"] %>
       YAML
 
-      if encrypted
-        # Create encrypted file
-        unless key_path.exist?
-          key = ActiveSupport::EncryptedFile.generate_key
-          File.write(key_path, key)
-          puts "Generated encryption key in #{key_path}"
-        end
-
-        encrypted_file = ActiveSupport::EncryptedFile.new(
-          content_path: secrets_path,
-          key_path: key_path,
-          env_key: "RAILS_SECRETS_KEY",
-          raise_if_missing_key: true
-        )
-        encrypted_file.write(default_content)
-        puts "Created encrypted secrets.yml file"
-        puts "Add #{key_path} to your .gitignore file"
-      else
-        # Create plain YAML file
-        File.write(secrets_path, default_content)
-        puts "Created plain secrets.yml file"
-        puts "Remember to add #{secrets_path} to your .gitignore if it contains sensitive data"
-      end
+      File.write(secrets_path, default_content)
+      puts "✅ Created plain secrets.yml file at #{secrets_path}"
+      puts "⚠️  Remember to add production secrets as environment variables"
+      puts "⚠️  Never commit production secrets to version control"
     end
   end
 
-  desc "Edit secrets.yml file"
+  desc "Edit the plain YAML secrets.yml file"
   task edit: :environment do
     secrets_path = Rails.root.join("config/secrets.yml")
-    key_path = Rails.root.join("config/secrets.yml.key")
 
     unless secrets_path.exist?
       puts "Secrets file doesn't exist. Run 'rake secvault:setup' first."
       exit 1
     end
 
-    # Check if file is encrypted
-    is_encrypted = Secvault::Secrets.encrypted?(secrets_path)
-
-    if is_encrypted && key_path.exist?
-      # Handle encrypted file
-      encrypted_file = ActiveSupport::EncryptedFile.new(
-        content_path: secrets_path,
-        key_path: key_path,
-        env_key: "RAILS_SECRETS_KEY",
-        raise_if_missing_key: true
-      )
-
-      encrypted_file.change do |tmp_path|
-        system("#{ENV["EDITOR"] || "vi"} #{tmp_path}")
-      end
-
-      puts "Updated encrypted #{secrets_path}"
-    else
-      # Handle plain YAML file
-      system("#{ENV["EDITOR"] || "vi"} #{secrets_path}")
-      puts "Updated plain #{secrets_path}"
-    end
-  rescue ActiveSupport::EncryptedFile::MissingKeyError
-    puts "Missing encryption key to decrypt secrets.yml."
-    puts "Ask your team for your secrets key and put it in #{key_path}"
-  rescue ActiveSupport::EncryptedFile::InvalidMessage
-    puts "Invalid encryption key for secrets.yml."
+    # Open the plain YAML file in editor
+    editor = ENV["EDITOR"] || "vi"
+    system("#{editor} #{secrets_path}")
+    puts "📝 Updated #{secrets_path}"
   end
 
-  desc "Show secrets.yml content"
+  desc "Show the plain YAML secrets.yml content"
   task show: :environment do
     secrets_path = Rails.root.join("config/secrets.yml")
-    key_path = Rails.root.join("config/secrets.yml.key")
 
     unless secrets_path.exist?
       puts "Secrets file doesn't exist. Run 'rake secvault:setup' first."
       exit 1
     end
 
-    # Check if file is encrypted
-    is_encrypted = Secvault::Secrets.encrypted?(secrets_path)
-
-    if is_encrypted && key_path.exist?
-      # Handle encrypted file
-      encrypted_file = ActiveSupport::EncryptedFile.new(
-        content_path: secrets_path,
-        key_path: key_path,
-        env_key: "RAILS_SECRETS_KEY",
-        raise_if_missing_key: true
-      )
-      puts encrypted_file.read
-    else
-      # Handle plain YAML file
-      puts File.read(secrets_path)
-    end
-  rescue ActiveSupport::EncryptedFile::MissingKeyError
-    puts "Missing encryption key to decrypt secrets.yml."
-    puts "Ask your team for your secrets key and put it in #{key_path}"
-  rescue ActiveSupport::EncryptedFile::InvalidMessage
-    puts "Invalid encryption key for secrets.yml."
+    puts "📄 Contents of #{secrets_path}:"
+    puts "#{'=' * 50}"
+    puts File.read(secrets_path)
+    puts "#{'=' * 50}"
   end
 end

data/lib/secvault/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Secvault
-  VERSION = "1.0.3"
+  VERSION = "2.0.0"
 end

data/lib/secvault.rb

@@ -3,7 +3,6 @@
 require "rails"
 require "yaml"
 require "erb"
-require "active_support/encrypted_file"
 require "active_support/core_ext/hash/keys"
 require "zeitwerk"
 
@@ -12,10 +11,49 @@ require_relative "secvault/version"
 loader = Zeitwerk::Loader.for_gem
 loader.setup
 
+# Secvault - Simple secrets management for Rails
+# 
+# Secvault restores the classic Rails secrets.yml functionality that was removed 
+# in Rails 7.2, using simple, plain YAML files for environment-specific secrets 
+# management.
+#
+# ## Rails Version Support:
+# - Rails 7.1: Requires manual setup (see Rails 7.1 integration guide)
+# - Rails 7.2+: Automatic setup, drop-in replacement for removed functionality
+# - Rails 8.0+: Full compatibility
+#
+# ## Rails 7.1 Integration:
+# For Rails 7.1 apps, add this initializer to override native Rails::Secrets:
+#
+#   # config/initializers/secvault.rb
+#   module Rails
+#     remove_const(:Secrets) if defined?(Secrets)
+#     Secrets = Secvault::RailsSecrets
+#   end
+#
+#   Rails.application.config.after_initialize do
+#     secrets_path = Rails.root.join("config/secrets.yml")
+#     if secrets_path.exist?
+#       loaded_secrets = Rails::Secrets.parse([secrets_path], env: Rails.env)
+#       secrets_object = ActiveSupport::OrderedOptions.new
+#       secrets_object.merge!(loaded_secrets)
+#       Rails.application.define_singleton_method(:secrets) { secrets_object }
+#     end
+#   end
+#
+# ## Usage:
+#   Rails.application.secrets.api_key
+#   Rails.application.secrets.oauth_settings[:google_client_id]
+#   Rails::Secrets.parse_default(env: 'development')
+#
+# ## Rake Tasks:
+#   rake secvault:setup    # Create plain secrets.yml file
+#   rake secvault:edit     # Edit secrets.yml file
+#   rake secvault:show     # Display secrets.yml content
+#
+# @see https://github.com/unnitallman/secvault
 module Secvault
   class Error < StandardError; end
-  class MissingKeyError < Error; end
-  class InvalidKeyError < Error; end
 
   extend self
 
@@ -25,6 +63,51 @@ module Secvault
     require "secvault/railtie"
     require "secvault/rails_secrets"
   end
+  
+  # Helper method to set up Secvault for Rails 7.1 applications
+  # This provides an easy way to integrate Secvault into Rails 7.1 apps
+  # that still have native Rails::Secrets functionality.
+  #
+  # Usage in an initializer:
+  #   Secvault.setup_rails_71_integration!
+  #
+  # This will:
+  # 1. Override native Rails::Secrets with Secvault implementation
+  # 2. Replace Rails.application.secrets with Secvault-powered functionality
+  # 3. Load secrets from config/secrets.yml automatically
+  def setup_rails_71_integration!
+    # Override native Rails::Secrets
+    if defined?(Rails::Secrets)
+      Rails.send(:remove_const, :Secrets)
+    end
+    Rails.const_set(:Secrets, Secvault::RailsSecrets)
+    
+    # Set up Rails.application.secrets replacement
+    Rails.application.config.after_initialize do
+      secrets_path = Rails.root.join("config/secrets.yml")
+      
+      if secrets_path.exist?
+        # Load secrets using Secvault
+        loaded_secrets = Rails::Secrets.parse([secrets_path], env: Rails.env)
+        
+        # Create ActiveSupport::OrderedOptions object for compatibility
+        secrets_object = ActiveSupport::OrderedOptions.new
+        secrets_object.merge!(loaded_secrets)
+        
+        # Replace Rails.application.secrets
+        Rails.application.define_singleton_method(:secrets) do
+          secrets_object
+        end
+        
+        # Log integration success (except in production)
+        unless Rails.env.production?
+          Rails.logger&.info "[Secvault] Rails 7.1 integration complete. Loaded #{loaded_secrets.keys.size} secret keys."
+        end
+      else
+        Rails.logger&.warn "[Secvault] No secrets.yml file found at #{secrets_path}"
+      end
+    end
+  end
 end
 
 Secvault.install! if defined?(Rails)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: secvault
 version: !ruby/object:Gem::Version
-  version: 1.0.3
+  version: 2.0.0
 platform: ruby
 authors:
 - Unnikrishnan KP
@@ -39,8 +39,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.6'
 description: Secvault restores the classic Rails secrets.yml functionality that was
-  removed in Rails 7.2, allowing you to manage encrypted secrets using the familiar
-  YAML-based approach. Compatible with Rails 7.1+, 7.2+ and 8.0+.
+  removed in Rails 7.2, using simple, plain YAML files for environment-specific secrets
+  management. Compatible with Rails 7.1+, 7.2+ and 8.0+.
 email:
 - unnikrishnan.kp@bigbinary.com
 executables: []
@@ -62,8 +62,6 @@ files:
 - lib/secvault/secrets_helper.rb
 - lib/secvault/tasks.rake
 - lib/secvault/version.rb
-- secvault-1.0.1.gem
-- secvault-1.0.2.gem
 - sig/secvault.rbs
 homepage: https://github.com/unnitallman/secvault
 licenses:
@@ -91,5 +89,5 @@ requirements: []
 rubygems_version: 3.5.10
 signing_key:
 specification_version: 4
-summary: Rails secrets.yml functionality for Rails 7.1+, 7.2+ and Rails 8.0+
+summary: Simple Rails secrets.yml functionality for Rails 7.1+, 7.2+ and Rails 8.0+
 test_files: []