Skip to content

Encrypted & plain text credentials for multiple environments

License

Notifications You must be signed in to change notification settings

freeletics/creds

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Creds

Manage encrypted credentials (added in Rails 5.2.0) with multiple environments.

Installation

Available as a gem creds

Usage

Using Rails command, generate new encrypted file by

bin/rails encrypted:edit config/credentials/production.yml.enc --key config/credentials/production.key

add some content in opened editor (note there is no environment root key, ie no production):

aws_access_key_id: my-access-key-id

If config/credentials/production.key doesn't exist yet, run bin/rails generate master_key and adjust naming to match desired one. Content of file can be displayed by

bin/rails encrypted:show config/credentials/production.yml.enc --key config/credentials/production.key

Add to config/environments/production.rb (or any other env)

config.creds = Creds.new("config/credentials/production.yml.enc")

If wants to use key from custom path - by default it checks RAILS_MASTER_KEY env key and config/master.key file:

config.creds = Creds.new("config/credentials/production.yml.enc", key_path: "config/credentials/production.key")

In the code:

Rails.configuration.creds.aws_access_key_id

To ease working in development/test environments with the same API, add config/credentials/plain.yml with key/value pairs nested under environment name, like:

development:
  aws_access_key_id: "aws-key-id"

Then add to config/environments/development.rb

config.creds = Creds.new("config/credentials/plain.yml", env: "development")

Rails 6.0

In Rails 6.0 it is possible to edit files by rails credentials:edit --environment production which will look for config/credentials/production.yml.enc encrypted by ENV["RAILS_MASTER_KEY"] or config/credentials/production.key

Additions

  • To raise error in case of missing key you can add bang to the name, like Rails.configuration.creds.database_url!
  • To list all defined key/value pairs call config, like Rails.configuration.creds.config
  • Plain text file can embed Ruby (<%= %>), but not encrypted one
  • If secret_key_base is specified in credentials file, it will be assigned to Rails.configuration.secret_key_base, as it is required by Rails

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake test to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/freeletics/creds

License

The gem is available as open source under the terms of the MIT License.

About

Encrypted & plain text credentials for multiple environments

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published