RubyGems - secvault - Versions diffs - 1.0.4 → 2.0.0 - Mend

secvault 1.0.4 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4516ca420928dd1fba6fbdd3a5b1a7def3068872f6b8a1f8ac82aac987405af0
-  data.tar.gz: 1a252a86fc1552b3c989a3d9a3ecee78fa11b14ef4989040e6d2c28f7c16819c
+  metadata.gz: 99d7d1404f42246f62cbc8349ab689b43e8f24fa0ea52dd0e10910dee9615dcc
+  data.tar.gz: 4453d7ebce5a81e9e5fe0ed1dcd0df410a442ff669dd8dde02c15c3db3209a2e
 SHA512:
-  metadata.gz: fa4565bff45f90436ae9255df05282e577dead6bfbcd7c6bda821e687d91d47b07ad7bb99ea113b63c23b1b2e79f1307cdafb46be515d04f632d656e24b0c803
-  data.tar.gz: c241e60c7334f8f9c589f3151c78a75f9c9a053e849e5c5820de71d5db053fbced5b507aec5411b703c7c01dff5688393068223947719e09593a974f229862a9
+  metadata.gz: c11facd4f7abd26f8ecc9bbccabf0ede865210e220a944aee8e4640cd7851237db2c3bebeba2bc9ddee96a5fe52fa70c324f9b3f5aee4e9a09378ebf2703c91a
+  data.tar.gz: f01237875bb61dac4a8e145adeb05c36813937f72a9d4af85c3ae6e5069c02e0df9efd4df7e1f30dee9263fc69543eb04ebbb2a6998b29a30fbced84702ada90

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,37 @@
 ## [Unreleased]
+## [2.0.0] - 2025-09-22
+### BREAKING CHANGES
+- **Removed all encryption functionality** - Secvault now focuses purely on plain YAML secrets management
+- Removed ActiveSupport::EncryptedFile dependencies
+- Removed MissingKeyError and InvalidKeyError exceptions
+- Removed `encrypted?`, `decrypt`, `decrypt_secrets` methods
+- Simplified rake tasks to work with plain YAML only
+### Added
+- Simplified `rake secvault:setup` that creates plain YAML files with helpful comments
+- Better error messages and user guidance in rake tasks
+- Cleaner, more focused codebase without encryption complexity
+### Changed
+- **Major simplification**: All secrets are now stored in plain YAML files
+- Updated README to reflect plain YAML approach
+- Updated module documentation and gemspec descriptions
+- Rake tasks now use emojis and better user experience
+- Production secrets should use ERB syntax with environment variables
+### Benefits
+- Much simpler gem with single focus: plain YAML secrets management
+- No encryption keys to manage or lose
+- Easy to understand, edit, and debug secrets files
+- Perfect for development and test environments
+- Production secrets via environment variables (recommended best practice)
 ## [1.0.4] - 2025-09-22
 ### Added

data/README.md CHANGED Viewed

@@ -1,278 +1,87 @@
 # Secvault
-**Secvault** restores the classic Rails `secrets.yml` functionality that was removed in Rails 7.2, allowing you to manage encrypted secrets using the familiar YAML-based approach.
+Restores the classic Rails `secrets.yml` functionality that was removed in Rails 7.2. Uses simple, plain YAML files for environment-specific secrets management.
-## Why Secvault?
-Rails 7.2 removed the `secrets.yml` functionality completely in favor of credentials. However, many teams prefer the simplicity and familiarity of `secrets.yml` for managing environment-specific secrets. Secvault brings this functionality back with modern encryption support.
-## Features
-- 🔐 **Encrypted secrets.yml** - Uses Rails' built-in encryption system
-- 🔑 **Key management** - Secure key generation and management
-- 🌍 **Environment-specific** - Different secrets for development, test, and production
-- 📝 **ERB support** - Use ERB templates in your secrets files
-- 🛠️ **Rake tasks** - Easy management with built-in rake tasks
-- 🚀 **Rails 7.2+ compatible** - Works seamlessly with modern Rails
+**Rails Version Support:**
+- **Rails 7.1**: Manual setup (see Rails 7.1 Integration below)
+- **Rails 7.2+**: Automatic setup
+- **Rails 8.0+**: Full compatibility
 ## Installation
-Add this line to your application's Gemfile:
 ```ruby
+# Gemfile
 gem 'secvault'
 ```
-And then execute:
-```bash
-$ bundle install
-```
-### Rails Version Compatibility
-- **Rails 7.2+**: Automatic setup, drop-in replacement for removed secrets functionality
-- **Rails 7.1**: Manual setup required (see Rails 7.1 Integration section below)
-- **Rails 8.0+**: Full compatibility
-## Setup
-### 1. Generate secrets file
-Run the setup task to create your encrypted `secrets.yml`:
 ```bash
-$ rake secvault:setup
+bundle install
 ```
-This will:
-- Generate `config/secrets.yml.key` (keep this secure!)
-- Create an encrypted `config/secrets.yml` with default content
-- Remind you to add the key file to `.gitignore`
-Alternatively, use the Rails generator:
+## Quick Start (Rails 7.2+)
 ```bash
-$ rails generate secvault:secrets
-```
-### 2. Add key to .gitignore
+# 1. Create secrets.yml with rake task
+rake secvault:setup
-Ensure your encryption key is not committed to version control:
-```bash
-echo "/config/secrets.yml.key" >> .gitignore
+# 2. Edit secrets
+rake secvault:edit
 ```
-## Usage
-### Editing secrets
-Edit your encrypted secrets file:
-```bash
-$ rake secvault:edit
-```
-This opens the decrypted file in your `$EDITOR`.
-### Viewing secrets
-View the decrypted content:
-```bash
-$ rake secvault:show
-```
-### Accessing secrets in your application
-Secrets are automatically loaded into `Rails.application.secrets`:
+**Usage in your app:**
 ```ruby
-# In your Rails application
-Rails.application.secrets.secret_key_base
 Rails.application.secrets.api_key
 Rails.application.secrets.database_password
 ```
-### Example secrets.yml structure
+**Example secrets.yml:**
 ```yaml
-# config/secrets.yml (encrypted)
 development:
-  secret_key_base: your_development_secret
-  api_key: dev_api_key
+  api_key: dev_key
   database_password: dev_password
-test:
-  secret_key_base: your_test_secret
-  api_key: test_api_key
-  database_password: test_password
 production:
-  secret_key_base: <%= ENV['SECRET_KEY_BASE'] %>
   api_key: <%= ENV['API_KEY'] %>
   database_password: <%= ENV['DATABASE_PASSWORD'] %>
 ```
-### Environment variable fallback
-You can set the encryption key via environment variable:
-```bash
-export RAILS_SECRETS_KEY=your_encryption_key
-```
-## Production Deployment
-### Option 1: Environment Variable
-Set the encryption key as an environment variable:
-```bash
-export RAILS_SECRETS_KEY=your_encryption_key
-```
-### Option 2: Key File
-Securely copy `config/secrets.yml.key` to your production server.
-### Docker
-For Docker deployments, you can pass the key as an environment variable:
-```dockerfile
-ENV RAILS_SECRETS_KEY=your_encryption_key
+**Production:** Use environment variables in your YAML:
+```yaml
+production:
+  api_key: <%= ENV['API_KEY'] %>
 ```
-## Rake Tasks
-| Task | Description |
-|------|-------------|
-| `rake secvault:setup` | Create encrypted secrets.yml and key |
-| `rake secvault:edit` | Edit the encrypted secrets file |
-| `rake secvault:show` | Display decrypted secrets content |
 ## Rails 7.1 Integration
-For Rails 7.1 applications, Secvault provides a simple integration method to replace the native Rails::Secrets functionality and test Secvault before upgrading to Rails 7.2+.
-### Quick Setup (Recommended)
-Add this to `config/initializers/secvault.rb`:
+Test Secvault in Rails 7.1 before upgrading to 7.2+:
 ```ruby
 # config/initializers/secvault.rb
 Secvault.setup_rails_71_integration!
 ```
-That's it! This single line will:
-- Override native Rails::Secrets with Secvault implementation
-- Replace Rails.application.secrets with Secvault functionality
-- Load secrets from config/secrets.yml automatically
-### Manual Setup (Advanced)
-If you prefer more control, you can set it up manually:
-```ruby
-# config/initializers/secvault.rb
-module Rails
-  remove_const(:Secrets) if defined?(Secrets)
-  Secrets = Secvault::RailsSecrets
-end
-Rails.application.config.after_initialize do
-  secrets_path = Rails.root.join("config/secrets.yml")
-  if secrets_path.exist?
-    loaded_secrets = Rails::Secrets.parse([secrets_path], env: Rails.env)
-    secrets_object = ActiveSupport::OrderedOptions.new
-    secrets_object.merge!(loaded_secrets)
-    Rails.application.define_singleton_method(:secrets) do
-      secrets_object
-    end
-  end
-end
-```
-### Rails 7.1 Benefits
-✅ **Test before upgrading**: Validate Secvault works with your secrets
-✅ **Zero code changes**: Existing Rails 7.1 code continues to work
-✅ **Smooth migration**: Gradual transition to Rails 7.2+
-✅ **Full compatibility**: All Rails.application.secrets functionality preserved
-### Example Rails 7.1 Usage
+This replaces Rails.application.secrets with Secvault functionality. Your existing Rails 7.1 code works unchanged:
 ```ruby
-# Works exactly like native Rails 7.1
-Rails.application.secrets.api_key
-Rails.application.secrets.oauth_settings[:google_client_id]
-# Plus enhanced Secvault functionality
-Rails::Secrets.parse_default(env: 'development')
-Rails::Secrets.parse([custom_path], env: Rails.env)
+Rails.application.secrets.api_key          # ✅ Works
+Rails.application.secrets.oauth_settings   # ✅ Works
+Rails::Secrets.parse_default               # ✅ Enhanced functionality
 ```
-## Migration from Rails < 7.2
-If you're upgrading from an older Rails version that had `secrets.yml`:
+## Available Commands
-1. Install secvault: `bundle add secvault`
-2. Encrypt existing secrets: `rake secvault:setup`
-3. Copy your existing secrets content using `rake secvault:edit`
-4. Remove the old plain-text `config/secrets.yml`
-## Security Best Practices
-- ✅ **Never commit** `config/secrets.yml.key` to version control
-- ✅ **Use environment variables** for production secrets when possible
-- ✅ **Rotate keys** periodically
-- ✅ **Use strong, unique keys** for each environment
-- ✅ **Limit access** to key files in production
-## Troubleshooting
-### Missing Key Error
-```
-Missing encryption key to decrypt secrets.yml
-```
-**Solution**: Ensure `config/secrets.yml.key` exists or set `RAILS_SECRETS_KEY` environment variable.
-### Invalid Key Error
-```
-Invalid encryption key for secrets.yml
-```
-**Solution**: The key doesn't match the encrypted file. Verify you're using the correct key.
-### File Not Found
-```
-Secrets file doesn't exist
+```bash
+rake secvault:setup    # Create plain secrets.yml file
+rake secvault:edit     # Edit secrets.yml file
+rake secvault:show     # Display secrets.yml content
 ```
-**Solution**: Run `rake secvault:setup` to create the secrets file.
-## Development
+## Security
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests.
-To install this gem onto your local machine, run `bundle exec rake install`.
-## Contributing
-Bug reports and pull requests are welcome on GitHub at https://github.com/unnitallman/secvault.
+⚠️ Never commit production secrets to version control
+✅ Use environment variables for production secrets with ERB syntax: `<%= ENV['SECRET'] %>`
+✅ Add `config/secrets.yml` to `.gitignore` if it contains sensitive data
 ## License
-The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
-## Code of Conduct
-Everyone interacting in the Secvault project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/secvault/blob/main/CODE_OF_CONDUCT.md).
+MIT License - see [LICENSE](https://opensource.org/licenses/MIT)

data/lib/secvault/secrets.rb CHANGED Viewed

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
-require "active_support/encrypted_file"
 require "active_support/core_ext/hash/keys"
-require "active_support/core_ext/object/blank"
 require "active_support/ordered_options"
 require "pathname"
 require "erb"
@@ -16,20 +14,19 @@ module Secvault
         return unless rails_7_2_or_later?
         secrets_path = app.root.join("config/secrets.yml")
-        key_path = app.root.join("config/secrets.yml.key")
         if secrets_path.exist?
           # Use a more reliable approach that works in all environments
           app.config.before_configuration do
             current_env = ENV['RAILS_ENV'] || Rails.env || 'development'
-            setup_secrets_immediately(app, secrets_path, key_path, current_env)
+            setup_secrets_immediately(app, secrets_path, current_env)
           end
           # Also try during to_prepare as a fallback
           app.config.to_prepare do
             current_env = Rails.env
             unless Rails.application.respond_to?(:secrets) && !Rails.application.secrets.empty?
-              setup_secrets_immediately(app, secrets_path, key_path, current_env)
+              setup_secrets_immediately(app, secrets_path, current_env)
             end
           end
         end
@@ -38,19 +35,18 @@ module Secvault
       # Manual setup method for Rails 7.1 (opt-in)
       def setup_for_rails_71!(app)
         secrets_path = app.root.join("config/secrets.yml")
-        key_path = app.root.join("config/secrets.yml.key")
         if secrets_path.exist?
           app.config.before_configuration do
             current_env = ENV['RAILS_ENV'] || Rails.env || 'development'
-            setup_secrets_immediately(app, secrets_path, key_path, current_env)
+            setup_secrets_immediately(app, secrets_path, current_env)
           end
         end
       end
-      def setup_secrets_immediately(app, secrets_path, key_path, env)
+      def setup_secrets_immediately(app, secrets_path, env)
         # Set up secrets if they exist
-        secrets = read_secrets(secrets_path, key_path, env)
+        secrets = read_secrets(secrets_path, env)
         if secrets
           # Rails 8.0+ compatibility: Add secrets accessor that initializes on first access
           unless Rails.application.respond_to?(:secrets)
@@ -58,7 +54,7 @@ module Secvault
               @secrets ||= begin
                 current_secrets = ActiveSupport::OrderedOptions.new
                 # Re-read secrets to ensure we have the right environment
-                env_secrets = Secvault::Secrets.read_secrets(secrets_path, key_path, Rails.env)
+                env_secrets = Secvault::Secrets.read_secrets(secrets_path, Rails.env)
                 current_secrets.merge!(env_secrets) if env_secrets
                 current_secrets
               end
@@ -73,19 +69,15 @@ module Secvault
       end
       # Classic Rails::Secrets.parse implementation
-      # Parses secrets files and merges shared + environment-specific sections
+      # Parses plain YAML secrets files and merges shared + environment-specific sections
       def parse(paths, env:)
         paths.each_with_object(Hash.new) do |path, all_secrets|
           # Handle string paths by converting to Pathname
           path = Pathname.new(path) unless path.respond_to?(:exist?)
           next unless path.exist?
-          # Read and process the file content (handle both encrypted and plain)
-          source = if encrypted?(path)
-            decrypt(path)
-          else
-            preprocess(path)
-          end
+          # Read and process the plain YAML file content
+          source = path.read
           # Process ERB and parse YAML
           erb_result = ERB.new(source).result
@@ -102,22 +94,12 @@ module Secvault
           all_secrets.merge!(secrets[env].deep_symbolize_keys) if secrets[env]
         end
       end
-      # Helper method to preprocess plain YAML files (for ERB)
-      def preprocess(path)
-        path.read
-      end
-      def read_secrets(secrets_path, key_path, env)
+      def read_secrets(secrets_path, env)
         if secrets_path.exist?
-          all_secrets = if key_path.exist? || encrypted?(secrets_path)
-            # Handle encrypted secrets.yml
-            decrypt_secrets(secrets_path, key_path)
-          else
-            # Handle plain YAML secrets.yml
-            YAML.safe_load(ERB.new(secrets_path.read).result, aliases: true)
-          end
+          # Handle plain YAML secrets.yml only
+          all_secrets = YAML.safe_load(ERB.new(secrets_path.read).result, aliases: true)
           env_secrets = all_secrets[env.to_s]
           return env_secrets.deep_symbolize_keys if env_secrets
         end
@@ -125,46 +107,7 @@ module Secvault
         {}
       end
-      def encrypted?(path)
-        # Simple heuristic to detect if file is encrypted
-        content = path.read
-        # Encrypted files typically contain non-printable characters
-        !content.valid_encoding? || content.bytes.any? { |b| b < 32 && b != 10 && b != 13 }
-      rescue
-        false
-      end
       private
-      def decrypt_secrets(secrets_path, key_path)
-        encrypted_file = ActiveSupport::EncryptedFile.new(
-          content_path: secrets_path,
-          key_path: key_path,
-          env_key: "RAILS_SECRETS_KEY",
-          raise_if_missing_key: true
-        )
-        content = encrypted_file.read
-        YAML.safe_load(ERB.new(content).result, aliases: true) if content.present?
-      rescue ActiveSupport::EncryptedFile::MissingKeyError
-        raise MissingKeyError,
-          "Missing encryption key to decrypt secrets.yml. " \
-          "Ask your team for your secrets key and put it in config/secrets.yml.key"
-      rescue ActiveSupport::EncryptedFile::InvalidMessage
-        raise InvalidKeyError,
-          "Invalid encryption key for secrets.yml."
-      end
-      def decrypt(path)
-        key_path = Pathname.new("#{path}.key")
-        encrypted_file = ActiveSupport::EncryptedFile.new(
-          content_path: path,
-          key_path: key_path,
-          env_key: "RAILS_SECRETS_KEY",
-          raise_if_missing_key: true
-        )
-        encrypted_file.read
-      end
       def rails_7_2_or_later?
         rails_version = Rails.version

data/lib/secvault/tasks.rake CHANGED Viewed

@@ -1,135 +1,75 @@
 # frozen_string_literal: true
-require "active_support/encrypted_file"
 require "securerandom"
 namespace :secvault do
-  desc "Setup secrets.yml file (plain YAML by default)"
+  desc "Create a plain YAML secrets.yml file"
   task setup: :environment do
     secrets_path = Rails.root.join("config/secrets.yml")
-    key_path = Rails.root.join("config/secrets.yml.key")
-    encrypted = ENV["ENCRYPTED"] == "true"
     if secrets_path.exist?
       puts "Secrets file already exists at #{secrets_path}"
     else
       default_content = <<~YAML
-        # Be sure to restart your server when you modify this file.
+        # Plain YAML secrets file
+        # Environment-specific secrets for your Rails application
         #
-        # Your secret key is used for verifying the integrity of signed cookies.
-        # If you change this key, all old signed cookies will become invalid!
-        #
-        # Make sure the secret is at least 30 characters and all random,
-        # no regular words or you'll be exposed to dictionary attacks.
-        # You can use `rails secret` to generate a secure secret key.
+        # For production, use environment variables with ERB syntax:
+        # production:
+        #   api_key: <%= ENV['API_KEY'] %>
         development:
           secret_key_base: #{SecureRandom.hex(64)}
+          # Add your development secrets here
+          # api_key: dev_key
+          # database_password: dev_password
         test:
           secret_key_base: #{SecureRandom.hex(64)}
+          # Add your test secrets here
+          # api_key: test_key
-        # Do not keep production secrets in the repository,
-        # instead read values from the environment.
         production:
           secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
+          # Use environment variables for production secrets
+          # api_key: <%= ENV["API_KEY"] %>
+          # database_password: <%= ENV["DATABASE_PASSWORD"] %>
       YAML
-      if encrypted
-        # Create encrypted file
-        unless key_path.exist?
-          key = ActiveSupport::EncryptedFile.generate_key
-          File.write(key_path, key)
-          puts "Generated encryption key in #{key_path}"
-        end
-        encrypted_file = ActiveSupport::EncryptedFile.new(
-          content_path: secrets_path,
-          key_path: key_path,
-          env_key: "RAILS_SECRETS_KEY",
-          raise_if_missing_key: true
-        )
-        encrypted_file.write(default_content)
-        puts "Created encrypted secrets.yml file"
-        puts "Add #{key_path} to your .gitignore file"
-      else
-        # Create plain YAML file
-        File.write(secrets_path, default_content)
-        puts "Created plain secrets.yml file"
-        puts "Remember to add #{secrets_path} to your .gitignore if it contains sensitive data"
-      end
+      File.write(secrets_path, default_content)
+      puts "✅ Created plain secrets.yml file at #{secrets_path}"
+      puts "⚠️  Remember to add production secrets as environment variables"
+      puts "⚠️  Never commit production secrets to version control"
     end
   end
-  desc "Edit secrets.yml file"
+  desc "Edit the plain YAML secrets.yml file"
   task edit: :environment do
     secrets_path = Rails.root.join("config/secrets.yml")
-    key_path = Rails.root.join("config/secrets.yml.key")
     unless secrets_path.exist?
       puts "Secrets file doesn't exist. Run 'rake secvault:setup' first."
       exit 1
     end
-    # Check if file is encrypted
-    is_encrypted = Secvault::Secrets.encrypted?(secrets_path)
-    if is_encrypted && key_path.exist?
-      # Handle encrypted file
-      encrypted_file = ActiveSupport::EncryptedFile.new(
-        content_path: secrets_path,
-        key_path: key_path,
-        env_key: "RAILS_SECRETS_KEY",
-        raise_if_missing_key: true
-      )
-      encrypted_file.change do |tmp_path|
-        system("#{ENV["EDITOR"] || "vi"} #{tmp_path}")
-      end
-      puts "Updated encrypted #{secrets_path}"
-    else
-      # Handle plain YAML file
-      system("#{ENV["EDITOR"] || "vi"} #{secrets_path}")
-      puts "Updated plain #{secrets_path}"
-    end
-  rescue ActiveSupport::EncryptedFile::MissingKeyError
-    puts "Missing encryption key to decrypt secrets.yml."
-    puts "Ask your team for your secrets key and put it in #{key_path}"
-  rescue ActiveSupport::EncryptedFile::InvalidMessage
-    puts "Invalid encryption key for secrets.yml."
+    # Open the plain YAML file in editor
+    editor = ENV["EDITOR"] || "vi"
+    system("#{editor} #{secrets_path}")
+    puts "📝 Updated #{secrets_path}"
   end
-  desc "Show secrets.yml content"
+  desc "Show the plain YAML secrets.yml content"
   task show: :environment do
     secrets_path = Rails.root.join("config/secrets.yml")
-    key_path = Rails.root.join("config/secrets.yml.key")
     unless secrets_path.exist?
       puts "Secrets file doesn't exist. Run 'rake secvault:setup' first."
       exit 1
     end
-    # Check if file is encrypted
-    is_encrypted = Secvault::Secrets.encrypted?(secrets_path)
-    if is_encrypted && key_path.exist?
-      # Handle encrypted file
-      encrypted_file = ActiveSupport::EncryptedFile.new(
-        content_path: secrets_path,
-        key_path: key_path,
-        env_key: "RAILS_SECRETS_KEY",
-        raise_if_missing_key: true
-      )
-      puts encrypted_file.read
-    else
-      # Handle plain YAML file
-      puts File.read(secrets_path)
-    end
-  rescue ActiveSupport::EncryptedFile::MissingKeyError
-    puts "Missing encryption key to decrypt secrets.yml."
-    puts "Ask your team for your secrets key and put it in #{key_path}"
-  rescue ActiveSupport::EncryptedFile::InvalidMessage
-    puts "Invalid encryption key for secrets.yml."
+    puts "📄 Contents of #{secrets_path}:"
+    puts "#{'=' * 50}"
+    puts File.read(secrets_path)
+    puts "#{'=' * 50}"
   end
 end

data/lib/secvault/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Secvault
-  VERSION = "1.0.4"
+  VERSION = "2.0.0"
 end

data/lib/secvault.rb CHANGED Viewed

@@ -3,7 +3,6 @@
 require "rails"
 require "yaml"
 require "erb"
-require "active_support/encrypted_file"
 require "active_support/core_ext/hash/keys"
 require "zeitwerk"
@@ -12,11 +11,11 @@ require_relative "secvault/version"
 loader = Zeitwerk::Loader.for_gem
 loader.setup
-# Secvault - Enhanced secrets management for Rails
+# Secvault - Simple secrets management for Rails
 #
 # Secvault restores the classic Rails secrets.yml functionality that was removed
-# in Rails 7.2, allowing you to manage encrypted secrets using the familiar
-# YAML-based approach.
+# in Rails 7.2, using simple, plain YAML files for environment-specific secrets
+# management.
 #
 # ## Rails Version Support:
 # - Rails 7.1: Requires manual setup (see Rails 7.1 integration guide)
@@ -47,11 +46,14 @@ loader.setup
 #   Rails.application.secrets.oauth_settings[:google_client_id]
 #   Rails::Secrets.parse_default(env: 'development')
 #
+# ## Rake Tasks:
+#   rake secvault:setup    # Create plain secrets.yml file
+#   rake secvault:edit     # Edit secrets.yml file
+#   rake secvault:show     # Display secrets.yml content
+#
 # @see https://github.com/unnitallman/secvault
 module Secvault
   class Error < StandardError; end
-  class MissingKeyError < Error; end
-  class InvalidKeyError < Error; end
   extend self

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: secvault
 version: !ruby/object:Gem::Version
-  version: 1.0.4
+  version: 2.0.0
 platform: ruby
 authors:
 - Unnikrishnan KP
@@ -39,8 +39,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.6'
 description: Secvault restores the classic Rails secrets.yml functionality that was
-  removed in Rails 7.2, allowing you to manage encrypted secrets using the familiar
-  YAML-based approach. Compatible with Rails 7.1+, 7.2+ and 8.0+.
+  removed in Rails 7.2, using simple, plain YAML files for environment-specific secrets
+  management. Compatible with Rails 7.1+, 7.2+ and 8.0+.
 email:
 - unnikrishnan.kp@bigbinary.com
 executables: []
@@ -89,5 +89,5 @@ requirements: []
 rubygems_version: 3.5.10
 signing_key:
 specification_version: 4
-summary: Rails secrets.yml functionality for Rails 7.1+, 7.2+ and Rails 8.0+
+summary: Simple Rails secrets.yml functionality for Rails 7.1+, 7.2+ and Rails 8.0+
 test_files: []