{"id":13878160,"url":"https://github.com/hopsoft/credentials_demo","last_synced_at":"2025-06-15T10:07:23.400Z","repository":{"id":178455831,"uuid":"661881097","full_name":"hopsoft/credentials_demo","owner":"hopsoft","description":"Demo of environment aware Rails encrypted credentials with environment variable override","archived":false,"fork":false,"pushed_at":"2023-07-05T14:47:48.000Z","size":35,"stargazers_count":23,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-24T05:19:27.225Z","etag":null,"topics":["configuration","configuration-management","rails","ruby","ruby-on-rails"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hopsoft.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-07-03T22:00:11.000Z","updated_at":"2024-11-08T22:31:52.000Z","dependencies_parsed_at":null,"dependency_job_id":"9970a181-9aa6-432a-9e29-cc17657272b3","html_url":"https://github.com/hopsoft/credentials_demo","commit_stats":{"total_commits":10,"total_committers":1,"mean_commits":10.0,"dds":0.0,"last_synced_commit":"7f608d9848f69d7124b610e81b4be9f477c0578c"},"previous_names":["hopsoft/credentials_demo"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/hopsoft/credentials_demo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hopsoft%2Fcredentials_demo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hopsoft%2Fcredentials_demo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hopsoft%2Fcredentials_demo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hopsoft%2Fcredentials_demo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hopsoft","download_url":"https://codeload.github.com/hopsoft/credentials_demo/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hopsoft%2Fcredentials_demo/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259957183,"owners_count":22937542,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["configuration","configuration-management","rails","ruby","ruby-on-rails"],"created_at":"2024-08-06T08:01:41.425Z","updated_at":"2025-06-15T10:07:23.377Z","avatar_url":"https://github.com/hopsoft.png","language":"Ruby","readme":"# Credentials Demo\n\n## What\n\nDemo of environment aware Rails encrypted credentials with environment variable override.\n\n## Why\n\n1. Simplifies configuration management\n1. Centralizes application secrets\n1. Reduces the number of managed environment variables... often limited to one (`RAILS_MASTER_KEY`)\n1. Eliminates wasted developer time due to missing environment variables\n1. Reduces gem dependencies... [dotenv](https://github.com/bkeepers/dotenv), etc.\n1. Preserves productivity by exposing configuraiton via the environment `ENV`\n1. Retains flexibility by allowing the environment (`ENV`) to override\n\n## How\n\n1. Edit the Rails encrypted credentials file.\n\n    ```sh\n    bin/rails credentials:edit\n    ```\n\n    ```yaml\n    default: \u0026default\n      aws_access_key_id: AKIAIOSFODNN7EXAMPLE\n      aws_region: us-east-1\n      aws_secret_access_key: b1e4c2d8f9a7g5i3h2j4k1l6m8n0o9p5q7r3s1t2u6v8w0x9y4z2\n\n    development:\n      \u003c\u003c: *default\n      database: db/databases/development.sqlite3\n      secret_key_base: 31461f5d38cc7f2e919ea18e9a390bd3558a31be2e5d8e79b9c40ae7a91a5990768da5c8baa2521462c366f5568c4d58b843f92ea5eda71d9bc9c8a8b0c96435\n\n    test:\n      \u003c\u003c: *default\n      database: db/databases/test.sqlite3\n      secret_key_base: 852d4a5f4796699b4204c776c6b7f2934fd2f5424ac9d2f8f15d6bf9a0efc1f4bc5fd6b44fd1b0774de7168a0990d76ae6c3229370414db7b7d66830b2f74491\n\n    production:\n      \u003c\u003c: *default\n      aws_access_key_id: AKIA5VXCTQ99GEXAMPLE\n      aws_secret_access_key: 3a9d8a2b5c4e1f7g6h2i5j1k3l4m7n8o9p0q1r2s3t4u5v6w7x8y9z0\n      database: db/databases/production.sqlite3\n      secret_key_base: b05157ed1f089563a5c754d6219b6a4fdf7c521d0e970ddc15cdd9a1bec58fa251191d50d1b8500987a2589a98afa20f27b964e2eefed9dbc574036880af34e0\n    ```\n\n2. The application merges the encrypted credentials into the environment `ENV` on boot\n\n    [View the code here.](https://github.com/hopsoft/credentials_demo/blob/main/config/application.rb#L11-L16).\n\n    ```ruby\n    creds = credentials[Rails.env.to_sym]\n      .with_indifferent_access\n      .transform_keys(\u0026:upcase)\n      .transform_values(\u0026:to_s)\n\n    ENV.merge! creds.merge(ENV)\n    ```\n\n3. Access the configuration via `ENV`\n\n    ```sh\n    bin/rails console --environment development\n    ```\n\n    ```ruby\n    ENV.fetch \"DATABASE\" # =\u003e db/databases/development.sqlite3\n    ```\n\n    ---\n\n    ```sh\n    bin/rails console --environment test\n    ```\n\n    ```ruby\n    ENV.fetch \"DATABASE\" # =\u003e db/databases/test.sqlite3\n    ```\n\n    ---\n\n    ```sh\n    bin/rails console --environment production\n    ```\n\n    ```ruby\n    ENV.fetch \"DATABASE\" # =\u003e db/databases/production.sqlite3\n    ```\n\n    ---\n\n    Example of environment variable override.\n\n    ```sh\n    DATABASE=db/databases/foo.sqlite3 bin/rails console --environment production\n    ```\n\n    ```ruby\n    ENV.fetch \"DATABASE\" # =\u003e db/databases/foo.sqlite3\n    ```\n\n## Next Steps\n\nConsider combining this technique with environment specific credentials if you'd like  to hide specific environment configurations from developers.\n\n```sh\nbin/rails credentials:help\nbin/rails credentials:edit --environment production\n```\n","funding_links":[],"categories":["Ruby"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhopsoft%2Fcredentials_demo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhopsoft%2Fcredentials_demo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhopsoft%2Fcredentials_demo/lists"}