aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorYuji Yaginuma <yuuji.yaginuma@gmail.com>2018-02-08 19:49:50 +0900
committerGitHub <noreply@github.com>2018-02-08 19:49:50 +0900
commit5d75ef72e61f00bbf987aa5a73e9ca2a1e23d718 (patch)
tree9723c9838931817aefa7974d30e57e05c1ba5ca2
parentcc523fba9baf09849aeb59db28dab04135839f34 (diff)
downloadrails-5d75ef72e61f00bbf987aa5a73e9ca2a1e23d718.tar.gz
rails-5d75ef72e61f00bbf987aa5a73e9ca2a1e23d718.tar.bz2
rails-5d75ef72e61f00bbf987aa5a73e9ca2a1e23d718.zip
Do not add master key when `RAILS_MASTER_KEY` env specified (#31922)
Fixes #31917
-rw-r--r--railties/lib/rails/commands/credentials/credentials_command.rb2
-rw-r--r--railties/lib/rails/commands/encrypted/encrypted_command.rb3
-rw-r--r--railties/test/commands/credentials_test.rb12
-rw-r--r--railties/test/commands/encrypted_test.rb12
4 files changed, 27 insertions, 2 deletions
diff --git a/railties/lib/rails/commands/credentials/credentials_command.rb b/railties/lib/rails/commands/credentials/credentials_command.rb
index 385d3976da..fa54c0362a 100644
--- a/railties/lib/rails/commands/credentials/credentials_command.rb
+++ b/railties/lib/rails/commands/credentials/credentials_command.rb
@@ -20,7 +20,7 @@ module Rails
require_application_and_environment!
ensure_editor_available(command: "bin/rails credentials:edit") || (return)
- ensure_master_key_has_been_added
+ ensure_master_key_has_been_added if Rails.application.credentials.key.nil?
ensure_credentials_have_been_added
catch_editing_exceptions do
diff --git a/railties/lib/rails/commands/encrypted/encrypted_command.rb b/railties/lib/rails/commands/encrypted/encrypted_command.rb
index 912c453f09..3bc8f76ce4 100644
--- a/railties/lib/rails/commands/encrypted/encrypted_command.rb
+++ b/railties/lib/rails/commands/encrypted/encrypted_command.rb
@@ -21,9 +21,10 @@ module Rails
def edit(file_path)
require_application_and_environment!
+ encrypted = Rails.application.encrypted(file_path, key_path: options[:key])
ensure_editor_available(command: "bin/rails encrypted:edit") || (return)
- ensure_encryption_key_has_been_added(options[:key])
+ ensure_encryption_key_has_been_added(options[:key]) if encrypted.key.nil?
ensure_encrypted_file_has_been_added(file_path, options[:key])
catch_editing_exceptions do
diff --git a/railties/test/commands/credentials_test.rb b/railties/test/commands/credentials_test.rb
index 7c464b3fde..663ee73bcd 100644
--- a/railties/test/commands/credentials_test.rb
+++ b/railties/test/commands/credentials_test.rb
@@ -43,6 +43,18 @@ class Rails::Command::CredentialsCommandTest < ActiveSupport::TestCase
assert_match(/api_key: abc/, run_show_command)
end
+ test "edit command does not add master key when `RAILS_MASTER_KEY` env specified" do
+ Dir.chdir(app_path) do
+ key = IO.binread("config/master.key").strip
+ FileUtils.rm("config/master.key")
+
+ switch_env("RAILS_MASTER_KEY", key) do
+ run_edit_command
+ assert_not File.exist?("config/master.key")
+ end
+ end
+ end
+
test "show credentials" do
assert_match(/access_key_id: 123/, run_show_command)
end
diff --git a/railties/test/commands/encrypted_test.rb b/railties/test/commands/encrypted_test.rb
index 6647dcc902..9fc73d5f18 100644
--- a/railties/test/commands/encrypted_test.rb
+++ b/railties/test/commands/encrypted_test.rb
@@ -33,6 +33,18 @@ class Rails::Command::EncryptedCommandTest < ActiveSupport::TestCase
end
end
+ test "edit command does not add master key when `RAILS_MASTER_KEY` env specified" do
+ Dir.chdir(app_path) do
+ key = IO.binread("config/master.key").strip
+ FileUtils.rm("config/master.key")
+
+ switch_env("RAILS_MASTER_KEY", key) do
+ run_edit_command("config/tokens.yml.enc")
+ assert_not File.exist?("config/master.key")
+ end
+ end
+ end
+
test "edit encrypts file with custom key" do
run_edit_command("config/tokens.yml.enc", key: "config/tokens.key")