secvault 2.7.0 → 2.7.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 51dbcfd2c3b3073fb06223b681fb358cf8c74aae00c90663470edc19b3a40cd0
-  data.tar.gz: f78b9e5a1bdcb9148d58e31791738179b38a401ae0416920b4a6ee557e024ffd
+  metadata.gz: 3f3f850252ea738c99ee2fd7bb7c2e9a2688082abc78245f0ac1ae4f262c9f57
+  data.tar.gz: 95c9d1b54bdf4fdeaf490e7bbf4bd1bb13411d50ce9a11291f89848049258636
 SHA512:
-  metadata.gz: 99d55935f3754ed807d306e94c530259ae34c82d43e1b2827ace62a2e33fd8bed291d8af358597aa68b71d78737af402273644e2b5d9475c5540be234b2d5985
-  data.tar.gz: d24dfa1e4613602a15ee7d40aeabedb089edf9e88ea136960ca039d6298252d8e7cd4e8a50d6f815cedcbde9d6192320814ccf6694797633225a29e98b993842
+  metadata.gz: a2399e023247f056496230dc96da152b5c9fcdd1db98b5f7359a5406f9ce45dc190ce0c93cd5dc4736abb16e7396043d78482b0879785faa60353fe0a1d773dd
+  data.tar.gz: e3deef79404b1c382c2e6167e6cb2b2981f511b6e9058fdf4fc484d8b9fce0f041551121631165f60f2220ee1d3be0ef444fb12296dac803a58afb4800b18ce0

data/lib/secvault/rails_secrets.rb

@@ -46,15 +46,9 @@ module Secvault
 end
 
 # Monkey patch to restore Rails::Secrets interface for backwards compatibility
-# Only for Rails 7.2+ where Rails::Secrets was removed
-if defined?(Rails) && Rails.respond_to?(:version)
-  rails_version = Rails.version
-  major, minor = rails_version.split(".").map(&:to_i)
-
-  # Only alias for Rails 7.2+ to avoid conflicts with native Rails::Secrets in 7.1
-  if major > 7 || (major == 7 && minor >= 2)
-    module Rails
-      Secrets = Secvault::RailsSecrets
-    end
+# Works consistently across all Rails versions with warning suppression
+if defined?(Rails)
+  module Rails
+    Secrets = Secvault::RailsSecrets
   end
 end

data/lib/secvault/secrets.rb

@@ -11,62 +11,48 @@ module Secvault
   class Secrets
     class << self
       def setup(app)
-        # Only auto-setup for Rails 7.2+ where secrets functionality was removed
-        return unless rails_7_2_or_later?
-
+        # Auto-setup for all Rails versions with consistent behavior
         secrets_path = app.root.join("config/secrets.yml")
 
-        if secrets_path.exist?
-          # Use a more reliable approach that works in all environments
-          app.config.before_configuration do
-            current_env = ENV["RAILS_ENV"] || Rails.env || "development"
-            setup_secrets_immediately(app, secrets_path, current_env)
-          end
+        return unless secrets_path.exist?
 
-          # Also try during to_prepare as a fallback
-          app.config.to_prepare do
-            current_env = Rails.env
-            unless Rails.application.respond_to?(:secrets) && !Rails.application.secrets.empty?
-              setup_secrets_immediately(app, secrets_path, current_env)
-            end
-          end
+        # Use a reliable approach that works in all environments
+        app.config.before_configuration do
+          current_env = ENV["RAILS_ENV"] || Rails.env || "development"
+          setup_secrets_immediately(app, secrets_path, current_env)
         end
-      end
-
-      # Manual setup method for Rails 7.1 (opt-in)
-      def setup_for_rails_71!(app)
-        secrets_path = app.root.join("config/secrets.yml")
 
-        if secrets_path.exist?
-          app.config.before_configuration do
-            current_env = ENV["RAILS_ENV"] || Rails.env || "development"
+        # Also try during to_prepare as a fallback
+        app.config.to_prepare do
+          current_env = Rails.env
+          unless Rails.application.respond_to?(:secrets) && !Rails.application.secrets.empty?
             setup_secrets_immediately(app, secrets_path, current_env)
           end
         end
       end
 
-      def setup_secrets_immediately(app, secrets_path, env)
+      def setup_secrets_immediately(_app, secrets_path, env)
         # Set up secrets if they exist
         secrets = read_secrets(secrets_path, env)
-        if secrets
-          # Rails 8.0+ compatibility: Add secrets accessor that initializes on first access
-          unless Rails.application.respond_to?(:secrets)
-            Rails.application.define_singleton_method(:secrets) do
-              @secrets ||= begin
-                current_secrets = ActiveSupport::OrderedOptions.new
-                # Re-read secrets to ensure we have the right environment
-                env_secrets = Secvault::Secrets.read_secrets(secrets_path, Rails.env)
-                current_secrets.merge!(env_secrets) if env_secrets
-                current_secrets
-              end
+        return unless secrets
+
+        # Rails 8.0+ compatibility: Add secrets accessor that initializes on first access
+        unless Rails.application.respond_to?(:secrets)
+          Rails.application.define_singleton_method(:secrets) do
+            @secrets ||= begin
+              current_secrets = ActiveSupport::OrderedOptions.new
+              # Re-read secrets to ensure we have the right environment
+              env_secrets = Secvault::Secrets.read_secrets(secrets_path, Rails.env)
+              current_secrets.merge!(env_secrets) if env_secrets
+              current_secrets
             end
           end
-
-          # If secrets accessor already exists, merge the secrets
-          if Rails.application.respond_to?(:secrets) && Rails.application.secrets.respond_to?(:merge!)
-            Rails.application.secrets.merge!(secrets)
-          end
         end
+
+        # If secrets accessor already exists, merge the secrets
+        return unless Rails.application.respond_to?(:secrets) && Rails.application.secrets.respond_to?(:merge!)
+
+        Rails.application.secrets.merge!(secrets)
       end
 
       # Classic Rails::Secrets.parse implementation
@@ -103,14 +89,6 @@ module Secvault
 
         {}
       end
-
-      private
-
-      def rails_7_2_or_later?
-        rails_version = Rails.version
-        major, minor = rails_version.split(".").map(&:to_i)
-        major > 7 || (major == 7 && minor >= 2)
-      end
     end
   end
 end

data/lib/secvault/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Secvault
-  VERSION = "2.7.0"
+  VERSION = "2.7.1"
 end

data/lib/secvault.rb

@@ -13,33 +13,20 @@ loader.setup
 
 # Secvault - Simple secrets management for Rails
 #
-# Secvault restores the classic Rails secrets.yml functionality that was removed
-# in Rails 7.2, using simple, plain YAML files for environment-specific secrets
-# management.
+# Secvault restores the classic Rails secrets.yml functionality using simple,
+# plain YAML files for environment-specific secrets management. Works consistently
+# across all Rails versions with automatic deprecation warning suppression.
 #
 # ## Rails Version Support:
-# - Rails 7.1: Requires manual setup (see Rails 7.1 integration guide)
-# - Rails 7.2+: Automatic setup, drop-in replacement for removed functionality
+# - Rails 7.1+: Full compatibility with automatic setup
+# - Rails 7.2+: Drop-in replacement for removed functionality
 # - Rails 8.0+: Full compatibility
 #
-# ## Rails 7.1 Integration:
-# For Rails 7.1 apps, add this initializer to override native Rails::Secrets:
+# ## Quick Start:
+# Add this to an initializer:
 #
 #   # config/initializers/secvault.rb
-#   module Rails
-#     remove_const(:Secrets) if defined?(Secrets)
-#     Secrets = Secvault::RailsSecrets
-#   end
-#
-#   Rails.application.config.after_initialize do
-#     secrets_path = Rails.root.join("config/secrets.yml")
-#     if secrets_path.exist?
-#       loaded_secrets = Rails::Secrets.parse([secrets_path], env: Rails.env)
-#       secrets_object = ActiveSupport::OrderedOptions.new
-#       secrets_object.merge!(loaded_secrets)
-#       Rails.application.define_singleton_method(:secrets) { secrets_object }
-#     end
-#   end
+#   Secvault.setup!
 #
 # ## Usage:
 #   Rails.application.secrets.api_key
@@ -83,26 +70,30 @@ module Secvault
     require "secvault/rails_secrets"
   end
 
-  # Helper method to set up Secvault for older Rails versions
-  # This provides an easy way to integrate Secvault into older Rails apps
-  # that still have native Rails::Secrets functionality (like Rails 7.1).
+  # Set up Secvault for all Rails versions
+  # This provides a universal way to integrate Secvault into Rails apps
+  # with consistent behavior across all Rails versions.
   #
   # Usage in an initializer:
-  #   Secvault.setup_backward_compatibility_with_older_rails!
+  #   Secvault.setup!
+  #   Secvault.setup!(suppress_warnings: false)
   #
   # This will:
-  # 1. Override native Rails::Secrets with Secvault implementation
+  # 1. Set up Rails::Secrets with Secvault implementation
   # 2. Replace Rails.application.secrets with Secvault-powered functionality
   # 3. Load secrets from config/secrets.yml automatically
-  def setup_backward_compatibility_with_older_rails!
+  # 4. Suppress Rails deprecation warnings about secrets (default: true)
+  # 5. Set Rails.application.config.secret_key_base from secrets (default: true)
+  def setup!(suppress_warnings: true, set_secret_key_base: true)
     # Override native Rails::Secrets
-    if defined?(Rails::Secrets)
-      Rails.send(:remove_const, :Secrets)
-    end
+    Rails.send(:remove_const, :Secrets) if defined?(Rails::Secrets)
     Rails.const_set(:Secrets, Secvault::RailsSecrets)
 
     # Set up Rails.application.secrets replacement
     Rails.application.config.after_initialize do
+      # Suppress Rails deprecation warnings about secrets if requested
+      suppress_secrets_deprecation_warning! if suppress_warnings
+
       secrets_path = Rails.root.join("config/secrets.yml")
 
       if secrets_path.exist?
@@ -118,9 +109,17 @@ module Secvault
           secrets_object
         end
 
+        # Set secret_key_base in Rails config to avoid accessing it from secrets
+        if set_secret_key_base && loaded_secrets.key?("secret_key_base")
+          Rails.application.config.secret_key_base = loaded_secrets["secret_key_base"]
+          unless Rails.env.production?
+            Rails.logger&.info "[Secvault] Set Rails.application.config.secret_key_base from secrets.yml"
+          end
+        end
+
         # Log integration success (except in production)
         unless Rails.env.production?
-          Rails.logger&.info "[Secvault] Rails 7.1 integration complete. Loaded #{loaded_secrets.keys.size} secret keys."
+          Rails.logger&.info "[Secvault] Integration complete. Loaded #{loaded_secrets.keys.size} secret keys."
         end
       else
         Rails.logger&.warn "[Secvault] No secrets.yml file found at #{secrets_path}"
@@ -142,9 +141,12 @@ module Secvault
   #   - files: Array of file paths (String or Pathname)
   #   - reload_method: Add a reload helper method (default: true in development)
   #   - logger: Enable/disable logging (default: true except in production)
-  def setup_multi_file!(files, reload_method: Rails.env.development?, logger: !Rails.env.production?)
+  #   - suppress_warnings: Suppress Rails deprecation warnings about secrets (default: true)
+  #   - set_secret_key_base: Set Rails.application.config.secret_key_base from secrets (default: true)
+  def setup_multi_file!(files, reload_method: Rails.env.development?, logger: !Rails.env.production?,
+    suppress_warnings: true, set_secret_key_base: true)
     # Ensure Secvault integration is active
-    setup_backward_compatibility_with_older_rails! unless active?
+    setup!(suppress_warnings: suppress_warnings, set_secret_key_base: set_secret_key_base) unless active?
 
     # Convert strings to Pathname objects and resolve relative to Rails.root
     file_paths = Array(files).map do |file|
@@ -153,13 +155,14 @@ module Secvault
 
     # Set up the multi-file loading
     Rails.application.config.after_initialize do
-      load_multi_file_secrets!(file_paths, logger: logger)
+      load_multi_file_secrets!(file_paths, logger: logger, suppress_warnings: suppress_warnings,
+        set_secret_key_base: set_secret_key_base)
     end
 
     # Add reload helper in development
-    if reload_method
-      add_reload_helper!(file_paths)
-    end
+    return unless reload_method
+
+    add_reload_helper!(file_paths)
   end
 
   # Load secrets into Secvault.secrets only (no Rails integration)
@@ -195,10 +198,14 @@ module Secvault
   end
 
   # Load secrets from multiple files and merge them (with Rails integration)
-  def load_multi_file_secrets!(file_paths, logger: !Rails.env.production?)
+  def load_multi_file_secrets!(file_paths, logger: !Rails.env.production?, suppress_warnings: true,
+    set_secret_key_base: true)
     existing_files = file_paths.select(&:exist?)
 
     if existing_files.any?
+      # Suppress Rails deprecation warnings about secrets if requested
+      suppress_secrets_deprecation_warning! if suppress_warnings
+
       # Load and merge all secrets files
       merged_secrets = Rails::Secrets.parse(existing_files, env: Rails.env)
 
@@ -209,6 +216,12 @@ module Secvault
       # Replace Rails.application.secrets
       Rails.application.define_singleton_method(:secrets) { secrets_object }
 
+      # Set secret_key_base in Rails config to avoid accessing it from secrets
+      if set_secret_key_base && merged_secrets.key?("secret_key_base")
+        Rails.application.config.secret_key_base = merged_secrets["secret_key_base"]
+        Rails.logger&.info "[Secvault Multi-File] Set Rails.application.config.secret_key_base from secrets" if logger
+      end
+
       # Log successful loading
       if logger
         file_names = existing_files.map(&:basename)
@@ -272,9 +285,7 @@ module Secvault
     begin
       # Set up Rails::Secrets to use Secvault's parser (only when integrating)
       unless rails_integrated?
-        if defined?(Rails::Secrets)
-          Rails.send(:remove_const, :Secrets)
-        end
+        Rails.send(:remove_const, :Secrets) if defined?(Rails::Secrets)
         Rails.const_set(:Secrets, Secvault::RailsSecrets)
       end
 
@@ -292,8 +303,9 @@ module Secvault
   end
 
   # Backward compatibility aliases
-  alias_method :setup_rails_71_integration!, :setup_backward_compatibility_with_older_rails!
-  alias_method :setup_multi_files!, :setup_multi_file!  # Alternative name
+  alias_method :setup_backward_compatibility_with_older_rails!, :setup! # Legacy name
+  alias_method :setup_rails_71_integration!, :setup! # Legacy name
+  alias_method :setup_multi_files!, :setup_multi_file! # Alternative name
 end
 
 Secvault.install! if defined?(Rails)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: secvault
 version: !ruby/object:Gem::Version
-  version: 2.7.0
+  version: 2.7.1
 platform: ruby
 authors:
 - Unnikrishnan KP