diff options
author | Wojciech Wnętrzak <w.wnetrzak@gmail.com> | 2018-09-19 23:02:00 +0200 |
---|---|---|
committer | David Heinemeier Hansson <david@loudthinking.com> | 2018-09-19 14:02:00 -0700 |
commit | e0d3313bac6bd2fbf10df27d79d72157f63ae6ba (patch) | |
tree | 3bab715b83dff89b0ef98f2828f71af68903aec8 /railties/lib/rails/application/configuration.rb | |
parent | e184d1a94e3ecfbc22823fbb9097992158a40cb2 (diff) | |
download | rails-e0d3313bac6bd2fbf10df27d79d72157f63ae6ba.tar.gz rails-e0d3313bac6bd2fbf10df27d79d72157f63ae6ba.tar.bz2 rails-e0d3313bac6bd2fbf10df27d79d72157f63ae6ba.zip |
Support environment specific credentials file. (#33521)
For `production` environment look first for `config/credentials/production.yml.enc` file that can be decrypted by
`ENV["RAILS_MASTER_KEY"]` or `config/credentials/production.key` master key.
Edit given environment credentials file by command `rails credentials:edit --environment production`.
Default behavior can be overwritten by setting `config.credentials.content_path` and `config.credentials.key_path`.
Diffstat (limited to 'railties/lib/rails/application/configuration.rb')
-rw-r--r-- | railties/lib/rails/application/configuration.rb | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/railties/lib/rails/application/configuration.rb b/railties/lib/rails/application/configuration.rb index f4cbd2b9d0..eae902a938 100644 --- a/railties/lib/rails/application/configuration.rb +++ b/railties/lib/rails/application/configuration.rb @@ -17,7 +17,7 @@ module Rails :session_options, :time_zone, :reload_classes_only_on_change, :beginning_of_week, :filter_redirect, :x, :enable_dependency_loading, :read_encrypted_secrets, :log_level, :content_security_policy_report_only, - :content_security_policy_nonce_generator, :require_master_key + :content_security_policy_nonce_generator, :require_master_key, :credentials attr_reader :encoding, :api_only, :loaded_config_version @@ -60,6 +60,9 @@ module Rails @content_security_policy_nonce_generator = nil @require_master_key = false @loaded_config_version = nil + @credentials = ActiveSupport::OrderedOptions.new + @credentials.content_path = default_credentials_content_path + @credentials.key_path = default_credentials_key_path end def load_defaults(target_version) @@ -273,6 +276,27 @@ module Rails true end end + + private + def credentials_available_for_current_env? + File.exist?("#{root}/config/credentials/#{Rails.env}.yml.enc") + end + + def default_credentials_content_path + if credentials_available_for_current_env? + File.join(root, "config", "credentials", "#{Rails.env}.yml.enc") + else + File.join(root, "config", "credentials.yml.enc") + end + end + + def default_credentials_key_path + if credentials_available_for_current_env? + File.join(root, "config", "credentials", "#{Rails.env}.key") + else + File.join(root, "config", "master.key") + end + end end end end |