smart_credentials 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: a3185b9dfdee2fb9e4d543184ba63f55f13f5d22c3119a5b8f441174e0270bce
+  data.tar.gz: 76c41546d8df16846954300e6f6bb12c05086ce9cad00664868e08fa53ee8382
+SHA512:
+  metadata.gz: 4d4c21211508dd45eab5358ced09c61260182385be09fd73182dfe772e09c2bef3723b1b5e64640af69ab3d24c64a40b9c8229417def7211f6a9fda2d8eb97d5
+  data.tar.gz: 5cac75d30d501e0b254c319cd42e7608b0505018a572530a56bd5f16ae4ada8ac81f9b04f5fe47584b69e03d367935de641917573aecd87135e38f8e018b20bb

data/CHANGELOG.md

@@ -0,0 +1,17 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+## [1.0.0] - 2025-10-21
+
+### Added
+- Initial stable release
+- ENV variable override with Rails credentials fallback
+- Support for nested credential access (e.g., `SmartCredentials.aws.access_key_id`)
+- Support for deeply nested credentials (e.g., `SmartCredentials.aws.s3.bucket_name`)
+- Hash-style access support (`SmartCredentials[:api_key]`)
+- `dig` method for nested access
+- Configuration via `SmartCredentials::Config.setup`
+- Custom ENV prefix and ENV separator configuration
+
+[1.0.0]: https://github.com/yarbro/smart_credentials/releases/tag/v1.0.0

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2025 David Yarbro
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,228 @@
+# SmartCredentials
+
+SmartCredentials intelligently manages your Rails application credentials by allowing environment variables to override Rails encrypted credentials with automatic fallback. Perfect for development, staging, and production environments where you want the flexibility of ENV variables without losing the security of encrypted credentials.
+
+## Features
+
+- **Automatic Fallback** - ENV variables take priority, falling back to Rails credentials
+- **Nested Credentials** - Full support for deeply nested credential structures
+- **Familiar Interface** - Works just like `Rails.application.credentials`
+- **Multiple Access Patterns** - Method chaining, hash-style, and dig support
+
+## Installation
+
+Add this line to your application's Gemfile:
+```ruby
+gem "smart_credentials"
+```
+
+## Usage
+
+### Basic Usage
+
+Instead of using `Rails.application.credentials.api_key`, use:
+```ruby
+SmartCredentials.api_key
+```
+
+This will:
+1. First check for `ENV["API_KEY"]`
+2. If not found, fall back to `Rails.application.credentials.api_key`
+
+### Nested Credentials
+
+For nested credentials like `Rails.application.credentials.aws.access_key_id`:
+```ruby
+SmartCredentials.aws.access_key_id
+```
+
+This will:
+1. First check for `ENV["AWS_ACCESS_KEY_ID"]`
+2. If not found, fall back to `Rails.application.credentials.aws.access_key_id`
+
+### Hash-Style Access
+
+You can also use hash-style access:
+```ruby
+SmartCredentials[:api_key]
+SmartCredentials[:aws][:access_key_id]
+
+# or mix and match
+SmartCredentials.aws[:access_key_id]
+SmartCredentials[:aws].access_key_id
+```
+
+### Dig Method
+
+For deeply nested values:
+```ruby
+SmartCredentials.dig(:aws, :s3, :bucket_name)
+# Checks ENV["AWS_S3_BUCKET_NAME"]
+# Falls back to Rails.application.credentials.aws.s3.bucket_name
+```
+
+## Configuration
+
+SmartCredentials works without any configuration, but you can customize its behavior.
+
+### Using an Initializer
+
+Create `config/initializers/smart_credentials.rb`:
+```ruby
+# Block style
+SmartCredentials::Config.setup do |config|
+  config.env_prefix = "MYAPP"
+  config.env_separator = "__"
+end
+
+# or direct assignment style
+SmartCredentials::Config.env_prefix = "MYAPP"
+SmartCredentials::Config.env_separator = "__"
+```
+
+### Configuration Options
+
+#### `env_prefix`
+
+Add a prefix to all ENV variable lookups:
+```ruby
+SmartCredentials::Config.env_prefix = "MYAPP"
+
+# Now looks for ENV["MYAPP_API_KEY"] instead of ENV["API_KEY"]
+SmartCredentials.api_key
+```
+
+**Default:** `nil` (no prefix)
+
+#### `env_separator`
+
+Change the separator used for nested keys:
+```ruby
+SmartCredentials::Config.env_separator = "__"
+
+# Now looks for ENV["AWS__ACCESS_KEY_ID"] instead of ENV["AWS_ACCESS_KEY_ID"]
+SmartCredentials.aws.access_key_id
+
+# Also affects prefix separator:
+SmartCredentials::Config.env_prefix = "MYAPP"
+# Now looks for ENV["MYAPP__AWS__ACCESS_KEY_ID"] instead of ENV["MYAPP_AWS_ACCESS_KEY_ID"]
+SmartCredentials.aws.access_key_id
+```
+
+**Default:** `"_"` (underscore)
+
+## Real-World Examples
+
+### Example credentials.yml.enc
+```yaml
+production:
+  api_key: "production_key_from_credentials"
+  secret_key_base: "long_secret_string"
+  aws:
+    access_key_id: "AKIAIOSFODNN7EXAMPLE"
+    secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+    region: "us-east-1"
+    s3:
+      bucket_name: "my-app-production"
+  stripe:
+    publishable_key: "pk_live_123"
+    secret_key: "sk_live_456"
+  database:
+    host: "db.example.com"
+    username: "app_user"
+    password: "secure_password"
+```
+
+### AWS Configuration
+```ruby
+# config/initializers/aws.rb
+Aws.config.update(
+  credentials: Aws::Credentials.new(
+    SmartCredentials.aws.access_key_id,
+    SmartCredentials.aws.secret_access_key
+  ),
+  region: SmartCredentials.aws.region
+)
+```
+
+### Stripe Configuration
+```ruby
+# config/initializers/stripe.rb
+Stripe.api_key = SmartCredentials.stripe.secret_key
+```
+
+### Database Configuration
+```ruby
+# config/database.yml
+production:
+  adapter: postgresql
+  host: <%= SmartCredentials.database.host %>
+  username: <%= SmartCredentials.database.username %>
+  password: <%= SmartCredentials.database.password %>
+  database: myapp_production
+```
+
+### In Your Application Code
+```ruby
+# app/services/api_client.rb
+class ApiClient
+  def initialize
+    @api_key = SmartCredentials.api_key
+    @base_url = SmartCredentials.api.base_url
+  end
+
+  def call
+    HTTParty.get(@base_url, headers: { "Authorization" => "Bearer #{@api_key}" })
+  end
+end
+```
+
+## Use Cases
+
+### Development
+
+Keep encrypted credentials for your team while allowing individual developers to override specific values:
+```bash
+# Developer can use their own AWS credentials without touching credentials file
+export AWS_ACCESS_KEY_ID="my_dev_key"
+export AWS_SECRET_ACCESS_KEY="my_dev_secret"
+```
+
+### Staging/Production
+
+Use ENV variables for secrets in production while keeping sensible defaults in credentials for development:
+```ruby
+# Always works in any environment
+SmartCredentials.stripe.secret_key
+```
+
+## Behavior
+
+SmartCredentials behaves like Rails credentials:
+```ruby
+# Returns the value if it exists
+SmartCredentials.api_key
+# => "your_api_key"
+
+# Returns nil if it doesn't exist
+SmartCredentials.nonexistent_key
+# => nil
+
+# Raises NoMethodError when chaining after nil (like Rails)
+SmartCredentials.nonexistent.nested.key
+# => NoMethodError: undefined method `nested' for nil
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome.
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am "Added some new feature"`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+require "rubocop/rake_task"
+
+RuboCop::RakeTask.new
+
+task default: %i[spec rubocop]

data/lib/smart_credentials/accessor.rb

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+
+module SmartCredentials
+  class Accessor
+    def initialize(path = [])
+      @path = path
+    end
+
+    def method_missing(method_name, *args, &block)
+      if args.empty? && !block_given?
+        fetch(method_name)
+      else
+        super
+      end
+    end
+
+    def respond_to_missing?(_method_name, _include_private = false)
+      true
+    end
+
+    def [](key)
+      fetch(key)
+    end
+
+    def dig(*keys)
+      keys.reduce(self) do |acc, key|
+        break nil if acc.nil?
+
+        acc[key]
+      end
+    end
+
+    private
+
+    def fetch(key)
+      new_path = @path + [key]
+      env_value = fetch_from_env(new_path)
+      return env_value if env_value
+
+      credentials_value = fetch_from_credentials(new_path)
+
+      if hash_like?(credentials_value)
+        Accessor.new(new_path)
+      else
+        credentials_value
+      end
+    end
+
+    def fetch_from_env(path)
+      env_key = build_env_key(path)
+      ENV[env_key]
+    end
+
+    def build_env_key(path)
+      prefix = SmartCredentials::Config.env_prefix
+      separator = SmartCredentials::Config.env_separator
+
+      key_parts = path.map { |part| part.to_s.upcase }
+      key_parts.unshift(prefix.upcase) if prefix
+
+      key_parts.join(separator)
+    end
+
+    def fetch_from_credentials(path)
+      return nil unless rails_credentials_available?
+
+      credentials = Rails.application.credentials
+      path.reduce(credentials) do |creds, key|
+        return nil if creds.nil?
+
+        access_credential(creds, key)
+      end
+    end
+
+    def rails_credentials_available?
+      defined?(Rails) && Rails.application.respond_to?(:credentials)
+    end
+
+    def access_credential(creds, key)
+      if creds.respond_to?(:[])
+        creds[key.to_sym] || creds[key.to_s]
+      elsif creds.respond_to?(key)
+        creds.public_send(key)
+      end
+    end
+
+    def hash_like?(value)
+      value.is_a?(Hash) ||
+        (defined?(ActiveSupport::HashWithIndifferentAccess) &&
+         value.is_a?(ActiveSupport::HashWithIndifferentAccess))
+    end
+  end
+end

data/lib/smart_credentials/config.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module SmartCredentials
+  module Config
+    DEFAULTS = {
+      env_prefix: nil,
+      env_separator: "_"
+    }.freeze
+
+    class << self
+      attr_accessor :env_prefix
+      attr_writer :env_separator
+
+      def setup
+        yield self
+      end
+
+      def env_separator
+        @env_separator ||= DEFAULTS[:env_separator]
+      end
+    end
+
+    @env_prefix = DEFAULTS[:env_prefix]
+    @env_separator = DEFAULTS[:env_separator]
+  end
+end

data/lib/smart_credentials/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module SmartCredentials
+  VERSION = "1.0.0"
+end

data/lib/smart_credentials.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require_relative "smart_credentials/version"
+require_relative "smart_credentials/config"
+require_relative "smart_credentials/accessor"
+
+module SmartCredentials
+  class Error < StandardError; end
+
+  class << self
+    def method_missing(method_name, *args, &block)
+      if args.empty? && !block_given?
+        Accessor.new.public_send(method_name)
+      else
+        super
+      end
+    end
+
+    def respond_to_missing?(_method_name, _include_private = false)
+      true
+    end
+
+    def [](key)
+      Accessor.new[key]
+    end
+
+    def dig(*keys)
+      Accessor.new.dig(*keys)
+    end
+  end
+end

data/sig/smart_credentials.rbs

@@ -0,0 +1,4 @@
+module SmartCredentials
+  VERSION: String
+  # See the writing guide of rbs: https://github.com/ruby/rbs#guides
+end

metadata

@@ -0,0 +1,68 @@
+--- !ruby/object:Gem::Specification
+name: smart_credentials
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- David Yarbro
+bindir: exe
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: railties
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.0'
+description: Seamlessly use environment variables with automatic fallback to Rails
+  credentials, supporting nested values and flexible configuration
+email:
+- david@yarb.ro
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/smart_credentials.rb
+- lib/smart_credentials/accessor.rb
+- lib/smart_credentials/config.rb
+- lib/smart_credentials/version.rb
+- sig/smart_credentials.rbs
+homepage: https://github.com/yarbro/smart_credentials
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/yarbro/smart_credentials
+  source_code_uri: https://github.com/yarbro/smart_credentials
+  changelog_uri: https://github.com/yarbro/smart_credentials/releases
+  rubygems_mfa_required: 'true'
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.9
+specification_version: 4
+summary: Intelligently override Rails credentials with environment variables
+test_files: []