RubyGems - secvault - Versions diffs - 2.7.1 → 3.0.0 - Mend

secvault 2.7.1 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3f3f850252ea738c99ee2fd7bb7c2e9a2688082abc78245f0ac1ae4f262c9f57
-  data.tar.gz: 95c9d1b54bdf4fdeaf490e7bbf4bd1bb13411d50ce9a11291f89848049258636
+  metadata.gz: 7e9d55bf6f12233064ea7ced4e9b40c84f8f3a6ce38d6b5b79d5f0e8f4a7214a
+  data.tar.gz: 7ade516b0c550c0b3c98f04fc39ff1079d5c46436da6a7fd6153bdc1d9eac4fb
 SHA512:
-  metadata.gz: a2399e023247f056496230dc96da152b5c9fcdd1db98b5f7359a5406f9ce45dc190ce0c93cd5dc4736abb16e7396043d78482b0879785faa60353fe0a1d773dd
-  data.tar.gz: e3deef79404b1c382c2e6167e6cb2b2981f511b6e9058fdf4fc484d8b9fce0f041551121631165f60f2220ee1d3be0ef444fb12296dac803a58afb4800b18ce0
+  metadata.gz: b2939f3acd3e9525d000b7195fd9967a4e8f80c04800e4cbac9da774625bc1cae7b26e1f0320d4d57d53abbf1bdb53a3899977deb9625880fd84458c7c302277
+  data.tar.gz: 84de3b9f8ecd84e820668d3ac2bd7fedeb7946e2707f88e00cd7219f258d597417b025a72b889dc93bf6e408c2686b2c444b90e1d2eaee856f1040d9f5b8d63a

data/README.md CHANGED Viewed

@@ -1,12 +1,17 @@
 # Secvault
-Restores Rails `secrets.yml` functionality for environment-specific secrets management using YAML files with ERB templating.
+Secvault restores the classic Rails `secrets.yml` functionality using simple, plain YAML files for environment-specific secrets management. Compatible with all modern Rails versions (7.1+, 7.2+, 8.0+).
-## Rails Version Support
+[![Gem Version](https://img.shields.io/gem/v/secvault.svg)](https://rubygems.org/gems/secvault)
-- **Rails 7.2+**: Automatic setup (drop-in replacement for removed functionality)
-- **Rails 7.1**: Manual setup required
-- **Rails 8.0+**: Full compatibility
+## Why Secvault?
+- **Drop-in replacement** for Rails 7.2+'s removed `secrets.yml` functionality
+- **Universal compatibility** across Rails 7.1+, 7.2+, and 8.0+
+- **ERB templating** support for environment variables
+- **Multi-file support** with deep merging capabilities
+- **Shared sections** for common configuration across environments
+- **Simple YAML** - no complex credential management required
 ## Installation
@@ -15,87 +20,437 @@ Restores Rails `secrets.yml` functionality for environment-specific secrets mana
 gem 'secvault'
 ```
+```bash
+bundle install
+```
 ## Quick Start
+### 1. Simple Setup
+Create `config/initializers/secvault.rb`:
+```ruby
+# The simplest setup - works across all Rails versions
+Secvault.start!
+```
 Create `config/secrets.yml`:
 ```yaml
+shared:
+  app_name: "My Rails App"
+  timeout: 30
 development:
+  secret_key_base: "dev_secret_key_here"
   api_key: "dev_key_123"
   database_url: "postgresql://localhost/myapp_dev"
+  debug: true
+test:
+  secret_key_base: "test_secret_key_here"
+  api_key: "test_key_123"
 production:
+  secret_key_base: <%= ENV['SECRET_KEY_BASE'] %>
   api_key: <%= ENV['API_KEY'] %>
   database_url: <%= ENV['DATABASE_URL'] %>
+  debug: false
 ```
-Access secrets in your app:
+### 2. Access Your Secrets
 ```ruby
+# In your Rails application
 Rails.application.secrets.api_key
+Rails.application.secrets.app_name
 Rails.application.secrets.database_url
+# Nested secrets work too
+Rails.application.secrets.database.host
+Rails.application.secrets.features.analytics
 ```
-## Multi-File Configuration
+## Setup Methods
+### Unified start! Method
-Load and merge multiple secrets files:
+Secvault now uses a single, simplified `start!` method for all use cases:
+```ruby
+# Simplest setup - loads config/secrets.yml with Rails integration
+Secvault.start!
+# Custom single file
+Secvault.start!(files: ['custom.yml'])
+# Multiple files with hot reload
+Secvault.start!(
+  files: ['config/secrets.yml', 'config/secrets.local.yml'],
+  hot_reload: true
+)
+# All available options
+Secvault.start!(
+  files: ['config/secrets.yml'],           # Default: ['config/secrets.yml']
+  integrate_with_rails: true,              # Default: true
+  set_secret_key_base: true,              # Default: true
+  hot_reload: true,                       # Default: true in development
+  logger: true                            # Default: true except production
+)
+```
+### Advanced Usage
+```ruby
+# Load without Rails integration (standalone mode)
+Secvault.start!(integrate_with_rails: false)
+# Access via: Secvault.secrets.your_key
+# Multi-file with hot reload for development
+Secvault.start!(
+  files: [
+    'config/secrets.yml',
+    'config/secrets.oauth.yml',
+    'config/secrets.local.yml'   # Git-ignored local overrides
+  ],
+  hot_reload: true,
+  logger: true
+)
+```
+## Advanced Features
+### ERB Templating
+Secvault supports full ERB templating for dynamic configuration:
+```yaml
+production:
+  secret_key_base: <%= ENV['SECRET_KEY_BASE'] %>
+  api_key: <%= ENV['API_KEY'] %>
+  pool_size: <%= ENV.fetch('DB_POOL', '5').to_i %>
+  # Complex expressions
+  features:
+    enabled: <%= ENV.fetch('FEATURES_ON', 'false') == 'true' %>
+    analytics: <%= Rails.env.production? && ENV['ANALYTICS'] != 'false' %>
+  # Arrays and complex data structures
+  allowed_hosts: <%= ENV.fetch('ALLOWED_HOSTS', 'localhost').split(',') %>
+  # Conditional values
+  redis_url: <%=
+    if ENV['REDIS_URL']
+      ENV['REDIS_URL']
+    else
+      "redis://localhost:6379/#{Rails.env}"
+    end
+  %>
+```
+### Shared Sections
+Define common secrets that apply to all environments:
+```yaml
+shared:
+  app_name: "MyApp"
+  version: "2.1.0"
+  timeout: 30
+  features:
+    analytics: true
+development:
+  secret_key_base: "dev_secret"
+  features:
+    debug: true    # Merges with shared.features
+production:
+  secret_key_base: <%= ENV['SECRET_KEY_BASE'] %>
+  features:
+    analytics: false  # Overrides shared.features.analytics
+```
+### Multi-File Configuration
+Organize your secrets across multiple files for better maintainability:
 ```ruby
-# config/initializers/secvault.rb
 Secvault.setup_multi_file!([
-  'config/secrets.yml',
-  'config/secrets.oauth.yml',
-  'config/secrets.local.yml'
+  'config/secrets.yml',           # Base secrets
+  'config/secrets.oauth.yml',     # OAuth provider settings
+  'config/secrets.database.yml',  # Database configurations
+  'config/secrets.local.yml'      # Local overrides (git-ignored)
 ])
 ```
-Files are merged in order with deep merge support for nested hashes.
+**File merging behavior:**
+- Files are processed in order
+- Later files override earlier ones
+- Deep merging for nested hashes
+- Shared sections are merged first, then environment-specific
+### Hot Reload (Development)
+Secvault provides hot reload functionality for development:
+```ruby
+# Enable hot reload when starting Secvault
+Secvault.start!(hot_reload: true)  # Default: true in development
+# Then reload secrets without restarting Rails
+reload_secrets!
+# Or via Rails.application
+Rails.application.reload_secrets!
+```
+Hot reload is automatically enabled in development mode and provides instant feedback when you change your secrets files.
 ## Manual API
+For advanced use cases, you can use the lower-level API:
 ```ruby
 # Parse specific files
-secrets = Rails::Secrets.parse(['config/secrets.yml'], env: Rails.env)
+secrets = Rails::Secrets.parse(['config/secrets.yml'], env: 'production')
+# Load from default location
+secrets = Rails::Secrets.load(env: 'development')
+# Check if Secvault is active
+Secvault.active?  # => true/false
+# Check if integrated with Rails
+Secvault.rails_integrated?  # => true/false
+# Access loaded secrets directly
+Secvault.secrets.api_key  # Available after Secvault.start!
+```
-# Load default config/secrets.yml
-secrets = Rails::Secrets.load(env: 'production')
+## Rails Version Compatibility
-# Check if active
-Secvault.active? # => true/false
+| Rails Version | Support Level | Notes |
+|---------------|---------------|-------|
+| **Rails 7.1+** | ✅ Full compatibility | Manual setup required |
+| **Rails 7.2+** | ✅ Drop-in replacement | Automatic setup works |
+| **Rails 8.0+** | ✅ Full compatibility | Future-proof |
+### Rails 7.2+ Notes
+Rails 7.2 removed the built-in `secrets.yml` functionality. Secvault provides a complete replacement with the same API.
+### Rails 7.1 Notes
+Rails 7.1 still has `secrets.yml` support but shows deprecation warnings. Secvault provides a consistent experience across Rails versions.
+## Migration Guide
+### From Previous Secvault Versions
+**BREAKING CHANGE**: The API has been simplified. Update your initializers:
+```ruby
+# Old API (no longer supported):
+Secvault.setup!
+Secvault.setup_multi_file!(['file1.yml', 'file2.yml'])
+Secvault.integrate_with_rails!
+# New unified API:
+Secvault.start!                                     # Simple case
+Secvault.start!(files: ['file1.yml', 'file2.yml'])  # Multi-file case
+Secvault.start!(integrate_with_rails: false)        # Standalone mode
 ```
-## Rails 7.1 Integration
+### From Rails < 7.2 Built-in Secrets
+1. **Add Secvault to your Gemfile**:
+   ```ruby
+   gem 'secvault'
+   ```
+2. **Create initializer**:
+   ```ruby
+   # config/initializers/secvault.rb
+   Secvault.start!
+   ```
+3. **Your existing `config/secrets.yml` works as-is** - no changes needed!
+### From Rails Credentials
+1. **Extract your credentials to YAML**:
+   ```bash
+   # Export existing credentials
+   rails credentials:show > config/secrets.yml
+   ```
+2. **Format as environment-specific YAML**:
+   ```yaml
+   development:
+     secret_key_base: "your_dev_secret"
+     # ... other secrets
+   production:
+     secret_key_base: <%= ENV['SECRET_KEY_BASE'] %>
+     # ... other secrets
+   ```
+3. **Set up Secvault**:
+   ```ruby
+   # config/initializers/secvault.rb
+   Secvault.start!
+   ```
+## Configuration Examples
-For Rails 7.1 with existing secrets functionality:
+### Basic Application
+```yaml
+# config/secrets.yml
+shared:
+  app_name: "MyApp"
+development:
+  secret_key_base: "long_random_string_for_dev"
+  database_url: "postgresql://localhost/myapp_dev"
+test:
+  secret_key_base: "long_random_string_for_test"
+  database_url: "postgresql://localhost/myapp_test"
+production:
+  secret_key_base: <%= ENV['SECRET_KEY_BASE'] %>
+  database_url: <%= ENV['DATABASE_URL'] %>
+```
+### Multi-Service Application
 ```ruby
 # config/initializers/secvault.rb
-Secvault.setup_backward_compatibility_with_older_rails!
+Secvault.start!(
+  files: [
+    'config/secrets.yml',
+    'config/secrets.oauth.yml',
+    'config/secrets.external_apis.yml',
+    'config/secrets.local.yml'  # Git-ignored
+  ],
+  hot_reload: true
+)
 ```
-## ERB Templating
+```yaml
+# config/secrets.yml (base)
+shared:
+  app_name: "MyApp"
+  timeout: 30
+development:
+  secret_key_base: "dev_secret"
+  debug: true
-Supports full ERB templating for environment variables:
+production:
+  secret_key_base: <%= ENV['SECRET_KEY_BASE'] %>
+  debug: false
+```
 ```yaml
+# config/secrets.oauth.yml
+shared:
+  oauth:
+    google:
+      scope: "email profile"
+development:
+  oauth:
+    google:
+      client_id: "dev_google_client_id"
+      client_secret: "dev_google_client_secret"
 production:
-  api_key: <%= ENV['API_KEY'] %>
-  pool_size: <%= ENV.fetch('DB_POOL', '5').to_i %>
-  features:
-    enabled: <%= ENV.fetch('FEATURES_ON', 'false') == 'true' %>
-  hosts: <%= ENV.fetch('ALLOWED_HOSTS', 'localhost').split(',') %>
+  oauth:
+    google:
+      client_id: <%= ENV['GOOGLE_CLIENT_ID'] %>
+      client_secret: <%= ENV['GOOGLE_CLIENT_SECRET'] %>
 ```
-## Development Tools
+## Troubleshooting
-Reload secrets in development:
+### Common Issues
+**1. "No secrets.yml file found"**
+```bash
+# Create the file
+mkdir -p config
+touch config/secrets.yml
+```
+**2. "undefined method `secrets' for Rails.application"**
 ```ruby
-# Available after setup_multi_file!
-reload_secrets!
-Rails.application.reload_secrets!
+# Make sure Secvault is set up in an initializer
+# config/initializers/secvault.rb
+Secvault.start!
+```
+**3. "Secrets not loading in tests"**
+```ruby
+# In your test helper or rails_helper.rb
+Secvault.start! if defined?(Secvault)
+```
+**4. "Environment variables not working"**
+```yaml
+# Make sure you're using ERB syntax
+production:
+  api_key: <%= ENV['API_KEY'] %>  # ✅ Correct
+  api_key: $API_KEY               # ❌ Wrong
 ```
+### Debug Mode
+```ruby
+# Enable detailed logging (development/test only)
+Secvault.start!(files: ['config/secrets.yml'], logger: true)
+# Check if Secvault is working
+Secvault.active?           # Should return true
+Secvault.rails_integrated? # Should return true
+Rails.application.secrets  # Should show your secrets
+```
+## API Reference
+### Setup Methods
+- `Secvault.start!(files: [], integrate_with_rails: true, set_secret_key_base: true, hot_reload: auto, logger: auto)` - Main and only setup method
+### Status Methods
+- `Secvault.active?` - Check if secrets are loaded
+- `Secvault.rails_integrated?` - Check if Rails integration is active
+- `Secvault.secrets` - Access loaded secrets directly
+### Rails API Compatibility
+- `Rails::Secrets.parse(files, env:)` - Parse specific files
+- `Rails::Secrets.load(env:)` - Load from default config/secrets.yml
+- `Rails.application.secrets` - Access secrets (same as classic Rails)
+### Legacy Aliases
+- `Secvault.setup_backward_compatibility_with_older_rails!` (alias for `setup!`)
+- `Secvault.setup_rails_71_integration!` (alias for `setup!`)
+- `Secvault.setup_multi_files!` (alias for `setup_multi_file!`)
+## Contributing
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
 ## License
-MIT
+MIT License. See [LICENSE](LICENSE) for details.

data/lib/secvault/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Secvault
-  VERSION = "2.7.1"
+  VERSION = "3.0.0"
 end

data/lib/secvault.rb CHANGED Viewed

@@ -15,7 +15,7 @@ loader.setup
 #
 # Secvault restores the classic Rails secrets.yml functionality using simple,
 # plain YAML files for environment-specific secrets management. Works consistently
-# across all Rails versions with automatic deprecation warning suppression.
+# across all Rails versions.
 #
 # ## Rails Version Support:
 # - Rails 7.1+: Full compatibility with automatic setup
@@ -26,18 +26,20 @@ loader.setup
 # Add this to an initializer:
 #
 #   # config/initializers/secvault.rb
-#   Secvault.setup!
+#   Secvault.start!
 #
 # ## Usage:
 #   Rails.application.secrets.api_key
 #   Rails.application.secrets.oauth_settings[:google_client_id]
+#   Secvault.secrets.your_key  # Direct access
 #   Rails::Secrets.load(env: 'development')  # Load default config/secrets.yml
 #   Rails::Secrets.parse(['custom.yml'], env: Rails.env)  # Parse custom files
 #
 # ## Getting Started:
 #   1. Create config/secrets.yml with your secrets
-#   2. Use Rails.application.secrets.your_secret in your app
-#   3. For production, use environment variables with ERB syntax
+#   2. Call Secvault.start! in an initializer
+#   3. Use Rails.application.secrets.your_secret in your app
+#   4. For production, use environment variables with ERB syntax
 #
 # @see https://github.com/unnitallman/secvault
 module Secvault
@@ -70,125 +72,78 @@ module Secvault
     require "secvault/rails_secrets"
   end
-  # Set up Secvault for all Rails versions
-  # This provides a universal way to integrate Secvault into Rails apps
-  # with consistent behavior across all Rails versions.
+  # Start Secvault with simplified, unified API
+  # This is the main entry point for all Secvault functionality
   #
-  # Usage in an initializer:
-  #   Secvault.setup!
-  #   Secvault.setup!(suppress_warnings: false)
+  # Usage examples:
+  #   Secvault.start!                                    # Simple: config/secrets.yml + Rails integration
+  #   Secvault.start!(files: ['custom.yml'])            # Custom single file
+  #   Secvault.start!(files: ['base.yml', 'local.yml']) # Multiple files
+  #   Secvault.start!(integrate_with_rails: false)      # Load only, no Rails integration
+  #   Secvault.start!(hot_reload: true)                 # Enable hot reload in development
   #
-  # This will:
-  # 1. Set up Rails::Secrets with Secvault implementation
-  # 2. Replace Rails.application.secrets with Secvault-powered functionality
-  # 3. Load secrets from config/secrets.yml automatically
-  # 4. Suppress Rails deprecation warnings about secrets (default: true)
-  # 5. Set Rails.application.config.secret_key_base from secrets (default: true)
-  def setup!(suppress_warnings: true, set_secret_key_base: true)
-    # Override native Rails::Secrets
-    Rails.send(:remove_const, :Secrets) if defined?(Rails::Secrets)
-    Rails.const_set(:Secrets, Secvault::RailsSecrets)
-    # Set up Rails.application.secrets replacement
-    Rails.application.config.after_initialize do
-      # Suppress Rails deprecation warnings about secrets if requested
-      suppress_secrets_deprecation_warning! if suppress_warnings
-      secrets_path = Rails.root.join("config/secrets.yml")
-      if secrets_path.exist?
-        # Load secrets using Secvault
-        loaded_secrets = Rails::Secrets.parse([secrets_path], env: Rails.env)
-        # Create ActiveSupport::OrderedOptions object for compatibility
-        secrets_object = ActiveSupport::OrderedOptions.new
-        secrets_object.merge!(loaded_secrets)
-        # Replace Rails.application.secrets
-        Rails.application.define_singleton_method(:secrets) do
-          secrets_object
-        end
-        # Set secret_key_base in Rails config to avoid accessing it from secrets
-        if set_secret_key_base && loaded_secrets.key?("secret_key_base")
-          Rails.application.config.secret_key_base = loaded_secrets["secret_key_base"]
-          unless Rails.env.production?
-            Rails.logger&.info "[Secvault] Set Rails.application.config.secret_key_base from secrets.yml"
-          end
-        end
-        # Log integration success (except in production)
-        unless Rails.env.production?
-          Rails.logger&.info "[Secvault] Integration complete. Loaded #{loaded_secrets.keys.size} secret keys."
-        end
-      else
-        Rails.logger&.warn "[Secvault] No secrets.yml file found at #{secrets_path}"
-      end
-    end
-  end
-  # Set up multi-file secrets loading with a clean API
-  # Just pass an array of file paths and Secvault handles the rest
-  #
-  # Usage in an initializer:
-  #   Secvault.setup_multi_file!([
-  #     'config/secrets.yml',
-  #     'config/secrets.oauth.yml',
-  #     'config/secrets.local.yml'
-  #   ])
+  # Access secrets:
+  #   Rails.application.secrets.your_key  # When integrate_rails: true (default)
+  #   Secvault.secrets.your_key           # Direct access (always available)
   #
   # Options:
-  #   - files: Array of file paths (String or Pathname)
-  #   - reload_method: Add a reload helper method (default: true in development)
-  #   - logger: Enable/disable logging (default: true except in production)
-  #   - suppress_warnings: Suppress Rails deprecation warnings about secrets (default: true)
+  #   - files: Array of file paths (String or Pathname). Defaults to ['config/secrets.yml']
+  #   - integrate_with_rails: Integrate with Rails.application.secrets (default: true)
   #   - set_secret_key_base: Set Rails.application.config.secret_key_base from secrets (default: true)
-  def setup_multi_file!(files, reload_method: Rails.env.development?, logger: !Rails.env.production?,
-    suppress_warnings: true, set_secret_key_base: true)
-    # Ensure Secvault integration is active
-    setup!(suppress_warnings: suppress_warnings, set_secret_key_base: set_secret_key_base) unless active?
-    # Convert strings to Pathname objects and resolve relative to Rails.root
-    file_paths = Array(files).map do |file|
+  #   - hot_reload: Add reload_secrets! methods for development (default: true in development)
+  #   - logger: Enable logging (default: true except production)
+  def start!(files: [], integrate_with_rails: true, set_secret_key_base: true,
+             hot_reload: (defined?(Rails) && Rails.env.respond_to?(:development?) ? Rails.env.development? : false),
+             logger: (defined?(Rails) && Rails.env.respond_to?(:production?) ? !Rails.env.production? : true))
+    # Default to config/secrets.yml if no files specified
+    files_to_load = files.empty? ? ["config/secrets.yml"] : Array(files)
+    # Convert to Pathname objects and resolve relative to Rails.root
+    file_paths = files_to_load.map do |file|
       file.is_a?(Pathname) ? file : Rails.root.join(file)
     end
-    # Set up the multi-file loading
-    Rails.application.config.after_initialize do
-      load_multi_file_secrets!(file_paths, logger: logger, suppress_warnings: suppress_warnings,
-        set_secret_key_base: set_secret_key_base)
+    # Load secrets into Secvault.secrets
+    load_secrets!(file_paths, logger: logger)
+    # Integrate with Rails if requested
+    if integrate_with_rails
+      setup_rails_integration!(file_paths, set_secret_key_base: set_secret_key_base, logger: logger)
     end
-    # Add reload helper in development
-    return unless reload_method
-    add_reload_helper!(file_paths)
+    # Add hot reload functionality if requested
+    if hot_reload
+      add_hot_reload!(file_paths)
+    end
+    true
+  rescue => e
+    Rails.logger&.error "[Secvault] Failed to start: #{e.message}" if defined?(Rails) && logger
+    false
   end
-  # Load secrets into Secvault.secrets only (no Rails integration)
-  def load_secrets_only!(files, logger: !Rails.env.production?)
-    # Convert strings to Pathname objects and resolve relative to Rails.root
-    file_paths = Array(files).map do |file|
-      file.is_a?(Pathname) ? file : Rails.root.join(file)
-    end
+  private
+  # Load secrets into Secvault.secrets (internal storage)
+  def load_secrets!(file_paths, logger: (defined?(Rails) && Rails.env.respond_to?(:production?) ? !Rails.env.production? : true))
     existing_files = file_paths.select(&:exist?)
     if existing_files.any?
-      # Load and merge all secrets files using Secvault's parser directly
+      # Load and merge all secrets files
       merged_secrets = Secvault::Secrets.parse(existing_files, env: Rails.env)
-      # Store in Secvault.secrets (ActiveSupport::OrderedOptions for compatibility)
+      # Store in internal storage with ActiveSupport::OrderedOptions for compatibility
       @@loaded_secrets = ActiveSupport::OrderedOptions.new
       @@loaded_secrets.merge!(merged_secrets)
       # Log successful loading
       if logger
         file_names = existing_files.map(&:basename)
         Rails.logger&.info "[Secvault] Loaded #{existing_files.size} files: #{file_names.join(", ")}"
         Rails.logger&.info "[Secvault] Parsed #{merged_secrets.keys.size} secret keys for #{Rails.env}"
       end
       true
     else
       Rails.logger&.warn "[Secvault] No secrets files found" if logger
@@ -196,116 +151,65 @@ module Secvault
       false
     end
   end
-  # Load secrets from multiple files and merge them (with Rails integration)
-  def load_multi_file_secrets!(file_paths, logger: !Rails.env.production?, suppress_warnings: true,
-    set_secret_key_base: true)
-    existing_files = file_paths.select(&:exist?)
-    if existing_files.any?
-      # Suppress Rails deprecation warnings about secrets if requested
-      suppress_secrets_deprecation_warning! if suppress_warnings
-      # Load and merge all secrets files
-      merged_secrets = Rails::Secrets.parse(existing_files, env: Rails.env)
-      # Create ActiveSupport::OrderedOptions object for Rails compatibility
-      secrets_object = ActiveSupport::OrderedOptions.new
-      secrets_object.merge!(merged_secrets)
-      # Replace Rails.application.secrets
-      Rails.application.define_singleton_method(:secrets) { secrets_object }
-      # Set secret_key_base in Rails config to avoid accessing it from secrets
-      if set_secret_key_base && merged_secrets.key?("secret_key_base")
-        Rails.application.config.secret_key_base = merged_secrets["secret_key_base"]
-        Rails.logger&.info "[Secvault Multi-File] Set Rails.application.config.secret_key_base from secrets" if logger
-      end
-      # Log successful loading
-      if logger
-        file_names = existing_files.map(&:basename)
-        Rails.logger&.info "[Secvault Multi-File] Loaded #{existing_files.size} files: #{file_names.join(", ")}"
-        Rails.logger&.info "[Secvault Multi-File] Merged #{merged_secrets.keys.size} secret keys for #{Rails.env}"
+  # Set up Rails integration
+  def setup_rails_integration!(file_paths, set_secret_key_base: true, logger: (defined?(Rails) && Rails.env.respond_to?(:production?) ? !Rails.env.production? : true))
+    # Override native Rails::Secrets with Secvault implementation
+    Rails.send(:remove_const, :Secrets) if defined?(Rails::Secrets)
+    Rails.const_set(:Secrets, Secvault::RailsSecrets)
+    # Set up Rails.application.secrets replacement in after_initialize
+    Rails.application.config.after_initialize do
+      if @@loaded_secrets && !@@loaded_secrets.empty?
+        # Replace Rails.application.secrets with our loaded secrets
+        Rails.application.define_singleton_method(:secrets) do
+          @@loaded_secrets
+        end
+        # Set secret_key_base in Rails config to avoid accessing it from secrets
+        if set_secret_key_base && @@loaded_secrets.key?(:secret_key_base)
+          Rails.application.config.secret_key_base = @@loaded_secrets[:secret_key_base]
+          Rails.logger&.info "[Secvault] Set Rails.application.config.secret_key_base from secrets" if logger
+        end
+        # Log integration success (except in production)
+        if logger
+          Rails.logger&.info "[Secvault] Rails integration complete. #{@@loaded_secrets.keys.size} secret keys available."
+        end
+      else
+        Rails.logger&.warn "[Secvault] No secrets loaded for Rails integration" if logger
       end
-      merged_secrets
-    else
-      Rails.logger&.warn "[Secvault Multi-File] No secrets files found" if logger
-      {}
     end
   end
-  # Add reload helper method for development
-  def add_reload_helper!(file_paths)
+  # Add hot reload functionality for development
+  def add_hot_reload!(file_paths)
     # Define reload method on Rails.application
     Rails.application.define_singleton_method(:reload_secrets!) do
-      Secvault.load_multi_file_secrets!(file_paths, logger: true)
-      puts "🔄 Reloaded secrets from #{file_paths.size} files"
+      # Reload secrets
+      Secvault.send(:load_secrets!, file_paths, logger: true)
+      # Re-apply Rails integration if needed
+      if Secvault.rails_integrated? && @@loaded_secrets
+        Rails.application.define_singleton_method(:secrets) do
+          @@loaded_secrets
+        end
+      end
+      puts "🔄 Hot reloaded secrets from #{file_paths.size} files"
       true
     end
     # Also make it available as a top-level method
     Object.define_method(:reload_secrets!) do
       Rails.application.reload_secrets!
     end
+    Rails.logger&.info "[Secvault] Hot reload enabled. Use reload_secrets! to refresh secrets." unless (defined?(Rails) && Rails.env.respond_to?(:production?) && Rails.env.production?)
   end
+  public
-  # Start Secvault and load secrets (without Rails integration)
-  #
-  # Usage:
-  #   Secvault.start!                                    # Uses config/secrets.yml only
-  #   Secvault.start!(files: [])                        # Same as above
-  #   Secvault.start!(files: ['path/to/secrets.yml'])   # Custom single file
-  #   Secvault.start!(files: ['gem.yml', 'app.yml'])    # Multiple files
-  #
-  # Access loaded secrets via: Secvault.secrets.your_key
-  # To integrate with Rails.application.secrets, call: Secvault.integrate_with_rails!
-  #
-  # Options:
-  #   - files: Array of file paths (String or Pathname). Defaults to ['config/secrets.yml']
-  #   - logger: Enable logging (default: true except production)
-  def start!(files: [], logger: !Rails.env.production?)
-    # Default to host app's config/secrets.yml if no files specified
-    files_to_load = files.empty? ? ["config/secrets.yml"] : files
-    # Load secrets into Secvault.secrets (completely independent of Rails)
-    load_secrets_only!(files_to_load, logger: logger)
-    true
-  rescue => e
-    Rails.logger&.error "[Secvault] Failed to start: #{e.message}" if defined?(Rails)
-    false
-  end
-  # Integrate loaded secrets with Rails.application.secrets
-  def integrate_with_rails!
-    return false unless @@loaded_secrets
-    begin
-      # Set up Rails::Secrets to use Secvault's parser (only when integrating)
-      unless rails_integrated?
-        Rails.send(:remove_const, :Secrets) if defined?(Rails::Secrets)
-        Rails.const_set(:Secrets, Secvault::RailsSecrets)
-      end
-      # Replace Rails.application.secrets with Secvault's loaded secrets
-      Rails.application.define_singleton_method(:secrets) do
-        Secvault.secrets
-      end
-      Rails.logger&.info "[Secvault] Integrated with Rails.application.secrets" unless Rails.env.production?
-      true
-    rescue => e
-      Rails.logger&.error "[Secvault] Failed to integrate with Rails: #{e.message}" if defined?(Rails)
-      false
-    end
-  end
-  # Backward compatibility aliases
-  alias_method :setup_backward_compatibility_with_older_rails!, :setup! # Legacy name
-  alias_method :setup_rails_71_integration!, :setup! # Legacy name
-  alias_method :setup_multi_files!, :setup_multi_file! # Alternative name
 end
 Secvault.install! if defined?(Rails)

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: secvault
 version: !ruby/object:Gem::Version
-  version: 2.7.1
+  version: 3.0.0
 platform: ruby
 authors:
 - Unnikrishnan KP