diff options
author | Kasper Timm Hansen <kaspth@gmail.com> | 2018-09-24 14:07:32 +0200 |
---|---|---|
committer | Kasper Timm Hansen <kaspth@gmail.com> | 2019-01-14 20:13:00 +0100 |
commit | 37c948ce6715df8ecbcda2b64a1e6eee9c5d6bb6 (patch) | |
tree | 82478e0ca821b42b3cdc63d22a50da70f4ba4473 /railties/CHANGELOG.md | |
parent | 3631d7eee4bd034f2eefe1b9892d5fcd565579ac (diff) | |
download | rails-37c948ce6715df8ecbcda2b64a1e6eee9c5d6bb6.tar.gz rails-37c948ce6715df8ecbcda2b64a1e6eee9c5d6bb6.tar.bz2 rails-37c948ce6715df8ecbcda2b64a1e6eee9c5d6bb6.zip |
Restructure credentials after environment overrides.
Follow up to: e0d3313
- Revert renames from `encrypted` and `encrypted_file` back to `credentials`.
They might be using our Encrypted* generators but from that level of abstraction
they're still about credentials.
- Same vein: extract a `credentials` method for the `encrypted` local variable. But
don't call it `encrypted` just because it uses that under the hood. It's about
capturing the credentials. It's also useful in `change_credentials_in_system_editor`.
- Remove lots of needless argument passing. We've abstracted content_path and key_path
into methods for a reason, so they should be used. Also spares a conspicuous rename
of content_path into file_path in other methods.
- Reorders private methods so they're grouped into: command building blocks, option
parsers, and the generators.
- Extracts commonality in the credentials application tests. A tad unsure about this.
But I do like that we go with key, content thus matching the command and remove the
yield which isn't really needed.
- Moves test/credentials_test.rb to beneath the test/application directory. It's a
Rails application test, so it should be in there.
- Uses `root.join` — a neat trick gleaned from the tests! — and composes the configuration
private methods such that the building block is below the callers.
Diffstat (limited to 'railties/CHANGELOG.md')
-rw-r--r-- | railties/CHANGELOG.md | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md index 673b6eac86..aca55fae80 100644 --- a/railties/CHANGELOG.md +++ b/railties/CHANGELOG.md @@ -116,12 +116,20 @@ *Richard Schneeman* -* Support environment specific credentials file. +* Support environment specific credentials overrides. - For `production` environment look first for `config/credentials/production.yml.enc` file that can be decrypted by - `ENV["RAILS_MASTER_KEY"]` or `config/credentials/production.key` master key. - Edit given environment credentials file by command `rails credentials:edit --environment production`. - Default paths can be overwritten by setting `config.credentials.content_path` and `config.credentials.key_path`. + So any environment will look for `config/credentials/#{Rails.env}.yml.enc` and fall back + to `config/credentials.yml.enc`. + + The encryption key can be in `ENV["RAILS_MASTER_KEY"]` or `config/credentials/production.key`. + + Environment credentials overrides can be edited with `rails credentials:edit --environment production`. + If no override is setup for the passed environment, it will be created. + + Additionally, the default lookup paths can be overwritten with these configs: + + - `config.credentials.content_path` + - `config.credentials.key_path` *Wojciech Wnętrzak* |