diff options
| author | Kasper Timm Hansen <kaspth@gmail.com> | 2018-09-24 14:07:32 +0200 |
|---|---|---|
| committer | Kasper Timm Hansen <kaspth@gmail.com> | 2019-01-14 20:13:00 +0100 |
| commit | 37c948ce6715df8ecbcda2b64a1e6eee9c5d6bb6 (patch) | |
| tree | 82478e0ca821b42b3cdc63d22a50da70f4ba4473 /railties/lib/rails/commands/credentials/USAGE | |
| parent | 3631d7eee4bd034f2eefe1b9892d5fcd565579ac (diff) | |
| download | rails-37c948ce6715df8ecbcda2b64a1e6eee9c5d6bb6.tar.gz rails-37c948ce6715df8ecbcda2b64a1e6eee9c5d6bb6.tar.bz2 rails-37c948ce6715df8ecbcda2b64a1e6eee9c5d6bb6.zip | |
Restructure credentials after environment overrides.
Follow up to: e0d3313
- Revert renames from `encrypted` and `encrypted_file` back to `credentials`.
They might be using our Encrypted* generators but from that level of abstraction
they're still about credentials.
- Same vein: extract a `credentials` method for the `encrypted` local variable. But
don't call it `encrypted` just because it uses that under the hood. It's about
capturing the credentials. It's also useful in `change_credentials_in_system_editor`.
- Remove lots of needless argument passing. We've abstracted content_path and key_path
into methods for a reason, so they should be used. Also spares a conspicuous rename
of content_path into file_path in other methods.
- Reorders private methods so they're grouped into: command building blocks, option
parsers, and the generators.
- Extracts commonality in the credentials application tests. A tad unsure about this.
But I do like that we go with key, content thus matching the command and remove the
yield which isn't really needed.
- Moves test/credentials_test.rb to beneath the test/application directory. It's a
Rails application test, so it should be in there.
- Uses `root.join` — a neat trick gleaned from the tests! — and composes the configuration
private methods such that the building block is below the callers.
Diffstat (limited to 'railties/lib/rails/commands/credentials/USAGE')
| -rw-r--r-- | railties/lib/rails/commands/credentials/USAGE | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/railties/lib/rails/commands/credentials/USAGE b/railties/lib/rails/commands/credentials/USAGE index 6b33d1ab74..d235592f46 100644 --- a/railties/lib/rails/commands/credentials/USAGE +++ b/railties/lib/rails/commands/credentials/USAGE @@ -41,9 +41,18 @@ from leaking. === Environment Specific Credentials -It is possible to have credentials for each environment. If the file for current environment exists it will take -precedence over `config/credentials.yml.enc`, thus for `production` environment first look for -`config/credentials/production.yml.enc` that can be decrypted using master key taken from `ENV["RAILS_MASTER_KEY"]` -or stored in `config/credentials/production.key`. -To edit given file use command `rails credentials:edit --environment production` -Default paths can be overwritten by setting `config.credentials.content_path` and `config.credentials.key_path`. +The `credentials` command supports passing an `--environment` option to create an +environment specific override. That override will takes precedence over the +global `config/credentials.yml.enc` file when running in that environment. So: + + rails credentials:edit --environment development + +will create `config/credentials/development.yml.enc` with the corresponding +encryption key in `config/credentials/development.key` if the credentials file +doesn't exist. + +The encryption key can also be put in `ENV["RAILS_MASTER_KEY"]`, which takes +precedence over the file encryption key. + +In addition to that, the default credentials lookup paths can be overriden through +`config.credentials.content_path` and `config.credentials.key_path`. |