Support environment specific credentials file. (#33521)

For `production` environment look first for `config/credentials/production.yml.enc` file that can be decrypted by `ENV["RAILS_MASTER_KEY"]` or `config/credentials/production.key` master key. Edit given environment credentials file by command `rails credentials:edit --environment production`. Default behavior can be overwritten by setting `config.credentials.content_path` and `config.credentials.key_path`.
author: Wojciech Wnętrzak <w.wnetrzak@gmail.com> 2018-09-19 23:02:00 +0200
committer: David Heinemeier Hansson <david@loudthinking.com> 2018-09-19 14:02:00 -0700
commit: e0d3313bac6bd2fbf10df27d79d72157f63ae6ba (patch)
tree: 3bab715b83dff89b0ef98f2828f71af68903aec8 /railties/lib/rails/application/configuration.rb
parent: e184d1a94e3ecfbc22823fbb9097992158a40cb2 (diff)
download: rails-e0d3313bac6bd2fbf10df27d79d72157f63ae6ba.tar.gz
rails-e0d3313bac6bd2fbf10df27d79d72157f63ae6ba.tar.bz2
rails-e0d3313bac6bd2fbf10df27d79d72157f63ae6ba.zip
1 files changed, 25 insertions, 1 deletions
diff --git a/railties/lib/rails/application/configuration.rb b/railties/lib/rails/application/configuration.rb
index f4cbd2b9d0..eae902a938 100644
--- a/railties/lib/rails/application/configuration.rb
+++ b/railties/lib/rails/application/configuration.rb
@@ -17,7 +17,7 @@ module Rails
                     :session_options, :time_zone, :reload_classes_only_on_change,
                     :beginning_of_week, :filter_redirect, :x, :enable_dependency_loading,
                     :read_encrypted_secrets, :log_level, :content_security_policy_report_only,
-                    :content_security_policy_nonce_generator, :require_master_key
+                    :content_security_policy_nonce_generator, :require_master_key, :credentials
 
       attr_reader :encoding, :api_only, :loaded_config_version
 
@@ -60,6 +60,9 @@ module Rails
         @content_security_policy_nonce_generator = nil
         @require_master_key                      = false
         @loaded_config_version                   = nil
+        @credentials                             = ActiveSupport::OrderedOptions.new
+        @credentials.content_path                = default_credentials_content_path
+        @credentials.key_path                    = default_credentials_key_path
       end
 
       def load_defaults(target_version)
@@ -273,6 +276,27 @@ module Rails
           true
         end
       end
+
+      private
+        def credentials_available_for_current_env?
+          File.exist?("#{root}/config/credentials/#{Rails.env}.yml.enc")
+        end
+
+        def default_credentials_content_path
+          if credentials_available_for_current_env?
+            File.join(root, "config", "credentials", "#{Rails.env}.yml.enc")
+          else
+            File.join(root, "config", "credentials.yml.enc")
+          end
+        end
+
+        def default_credentials_key_path
+          if credentials_available_for_current_env?
+            File.join(root, "config", "credentials", "#{Rails.env}.key")
+          else
+            File.join(root, "config", "master.key")
+          end
+        end
     end
   end
 end
author	Wojciech Wnętrzak <w.wnetrzak@gmail.com>	2018-09-19 23:02:00 +0200
committer	David Heinemeier Hansson <david@loudthinking.com>	2018-09-19 14:02:00 -0700
commit	e0d3313bac6bd2fbf10df27d79d72157f63ae6ba (patch)
tree	3bab715b83dff89b0ef98f2828f71af68903aec8 /railties/lib/rails/application/configuration.rb
parent	e184d1a94e3ecfbc22823fbb9097992158a40cb2 (diff)
download	rails-e0d3313bac6bd2fbf10df27d79d72157f63ae6ba.tar.gz rails-e0d3313bac6bd2fbf10df27d79d72157f63ae6ba.tar.bz2 rails-e0d3313bac6bd2fbf10df27d79d72157f63ae6ba.zip