Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/sinsoku/rails-env-credentials

Enhances Rails credentials for multiple environments
https://github.com/sinsoku/rails-env-credentials

rails

Last synced: 23 minutes ago
JSON representation

Enhances Rails credentials for multiple environments

Host: GitHub
URL: https://github.com/sinsoku/rails-env-credentials
Owner: sinsoku
License: mit
Created: 2018-01-02T14:30:16.000Z (almost 7 years ago)
Default Branch: main
Last Pushed: 2021-09-26T09:18:25.000Z (about 3 years ago)
Last Synced: 2024-12-15T21:19:16.670Z (8 days ago)
Topics: rails
Language: Ruby
Homepage:
Size: 66.4 KB
Stars: 108
Watchers: 3
Forks: 7
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
- Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

README

[![Gem Version](https://badge.fury.io/rb/rails-env-credentials.svg)](https://badge.fury.io/rb/rails-env-credentials)
[![Ruby](https://github.com/sinsoku/rails-env-credentials/actions/workflows/main.yml/badge.svg)](https://github.com/sinsoku/rails-env-credentials/actions/workflows/main.yml)

# RailsEnvCredentials

It enhances the Credentials feature introduced by Rails v5.2.0.

## Installation

Add this line to your Rails application's Gemfile:

```ruby
group :development, :test do
gem 'rails-env-credentials'
end
```

And then execute:

```
$ bundle
```

## Usage

RailsEnvCredentials manages credentials and key pairs with the following:

```
config/credentials-development.yml.enc
config/credentials-test.yml.enc
config/credentials.yml.enc
master-development.key
master-test.key
master.key
```

It also manages environment variables for each env.

```
RAILS_MASTER_KEY_DEVELOPMENT
RAILS_MASTER_KEY_TEST
RAILS_MASTER_KEY
```

You can use appropriate credentials depending on `Rails.env`.

```console
$ rails env_credentials:show -e development
# config/credentials-development.yml.enc
aws:
bucket: foo-dev

$ rails env_credentials:show -e production
# config/credentials.yml.enc
aws:
bucket: foo-prod

$ rails runner -e development 'pp Rails.application.credentials.aws.bucket'
"foo-dev"
$ rails runner -e production 'pp Rails.application.credentials.aws.bucket'
"foo-prod"
```

## Generating secrets and a master key

It automatically generate encrypted file and the master key when you starts editing credentials at first:

```
$ rails env_credentials:edit -e development
```

## Show secrets

You want to see decrypted contents, use `env_credentials:show`:

```
$ rails env_credentials:show -e development
```

## Additional information

### Other environments support

For example, if the `config/environments/staging.rb` exists, you will generate `config/credentials-staging.yml.enc`.

```
$ rails env_credentials:edit -e staging
```

### Display a diff

You can’t directly compare encrypted files between two versions, but it turns out you can see a diff using Git attributes.

Put the following line in your `.gitattributes` file:

```
config/credentials*.yml.enc diff=env_credentials
```

Then configure Git to use `env_credentials:show`:

```
$ git config diff.env_credentials.textconv 'rails env_credentials:show --file'
```

This tells Git that encrypted files should decrypt by the `env_credentials:show` task when you try to display a diff.

## Why make this gem?

Credentials is a good feature, but we cannot use it on development and test environment.

DHH wrote as follow in the pull request for initial implementation:

> It's only in production (and derivative environments, like exposed betas) where the secret actually needs to be secret.
>
> refs: https://github.com/rails/rails/pull/30067

However, I have to manage secrets and a master key different from production for testing in the staging environment.

I do not have the confidence to explain explicit use cases to Rails team, so I implemented as a gem.

## Development

After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).

## Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/sinsoku/rails-env-credentials. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.

## License

The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

## Code of Conduct

Everyone interacting in the Rails::Env::Credentials project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/sinsoku/rails-env-credentials/blob/main/CODE_OF_CONDUCT.md).