diff options
author | Yuji Yaginuma <yuuji.yaginuma@gmail.com> | 2018-02-08 19:49:50 +0900 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-02-08 19:49:50 +0900 |
commit | 5d75ef72e61f00bbf987aa5a73e9ca2a1e23d718 (patch) | |
tree | 9723c9838931817aefa7974d30e57e05c1ba5ca2 | |
parent | cc523fba9baf09849aeb59db28dab04135839f34 (diff) | |
download | rails-5d75ef72e61f00bbf987aa5a73e9ca2a1e23d718.tar.gz rails-5d75ef72e61f00bbf987aa5a73e9ca2a1e23d718.tar.bz2 rails-5d75ef72e61f00bbf987aa5a73e9ca2a1e23d718.zip |
Do not add master key when `RAILS_MASTER_KEY` env specified (#31922)
Fixes #31917
4 files changed, 27 insertions, 2 deletions
diff --git a/railties/lib/rails/commands/credentials/credentials_command.rb b/railties/lib/rails/commands/credentials/credentials_command.rb index 385d3976da..fa54c0362a 100644 --- a/railties/lib/rails/commands/credentials/credentials_command.rb +++ b/railties/lib/rails/commands/credentials/credentials_command.rb @@ -20,7 +20,7 @@ module Rails require_application_and_environment! ensure_editor_available(command: "bin/rails credentials:edit") || (return) - ensure_master_key_has_been_added + ensure_master_key_has_been_added if Rails.application.credentials.key.nil? ensure_credentials_have_been_added catch_editing_exceptions do diff --git a/railties/lib/rails/commands/encrypted/encrypted_command.rb b/railties/lib/rails/commands/encrypted/encrypted_command.rb index 912c453f09..3bc8f76ce4 100644 --- a/railties/lib/rails/commands/encrypted/encrypted_command.rb +++ b/railties/lib/rails/commands/encrypted/encrypted_command.rb @@ -21,9 +21,10 @@ module Rails def edit(file_path) require_application_and_environment! + encrypted = Rails.application.encrypted(file_path, key_path: options[:key]) ensure_editor_available(command: "bin/rails encrypted:edit") || (return) - ensure_encryption_key_has_been_added(options[:key]) + ensure_encryption_key_has_been_added(options[:key]) if encrypted.key.nil? ensure_encrypted_file_has_been_added(file_path, options[:key]) catch_editing_exceptions do diff --git a/railties/test/commands/credentials_test.rb b/railties/test/commands/credentials_test.rb index 7c464b3fde..663ee73bcd 100644 --- a/railties/test/commands/credentials_test.rb +++ b/railties/test/commands/credentials_test.rb @@ -43,6 +43,18 @@ class Rails::Command::CredentialsCommandTest < ActiveSupport::TestCase assert_match(/api_key: abc/, run_show_command) end + test "edit command does not add master key when `RAILS_MASTER_KEY` env specified" do + Dir.chdir(app_path) do + key = IO.binread("config/master.key").strip + FileUtils.rm("config/master.key") + + switch_env("RAILS_MASTER_KEY", key) do + run_edit_command + assert_not File.exist?("config/master.key") + end + end + end + test "show credentials" do assert_match(/access_key_id: 123/, run_show_command) end diff --git a/railties/test/commands/encrypted_test.rb b/railties/test/commands/encrypted_test.rb index 6647dcc902..9fc73d5f18 100644 --- a/railties/test/commands/encrypted_test.rb +++ b/railties/test/commands/encrypted_test.rb @@ -33,6 +33,18 @@ class Rails::Command::EncryptedCommandTest < ActiveSupport::TestCase end end + test "edit command does not add master key when `RAILS_MASTER_KEY` env specified" do + Dir.chdir(app_path) do + key = IO.binread("config/master.key").strip + FileUtils.rm("config/master.key") + + switch_env("RAILS_MASTER_KEY", key) do + run_edit_command("config/tokens.yml.enc") + assert_not File.exist?("config/master.key") + end + end + end + test "edit encrypts file with custom key" do run_edit_command("config/tokens.yml.enc", key: "config/tokens.key") |