diff options
author | Kasper Timm Hansen <kaspth@gmail.com> | 2019-01-16 22:00:51 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-01-16 22:00:51 +0100 |
commit | cb3f78aa7c8f14921501703ed0780f2a428bc6a1 (patch) | |
tree | 8eb4807d949160d38a3d239ea33d37318d38b5aa /railties/lib/rails/commands | |
parent | d49899c15431104f8dad374363bac57479b4bd39 (diff) | |
parent | 7e52e3b1c004eb22521c844b6adf69a2689cc1da (diff) | |
download | rails-cb3f78aa7c8f14921501703ed0780f2a428bc6a1.tar.gz rails-cb3f78aa7c8f14921501703ed0780f2a428bc6a1.tar.bz2 rails-cb3f78aa7c8f14921501703ed0780f2a428bc6a1.zip |
Merge branch 'master' into db_system_change_command
Diffstat (limited to 'railties/lib/rails/commands')
-rw-r--r-- | railties/lib/rails/commands/credentials/USAGE | 21 | ||||
-rw-r--r-- | railties/lib/rails/commands/credentials/credentials_command.rb | 56 |
2 files changed, 43 insertions, 34 deletions
diff --git a/railties/lib/rails/commands/credentials/USAGE b/railties/lib/rails/commands/credentials/USAGE index 6b33d1ab74..d235592f46 100644 --- a/railties/lib/rails/commands/credentials/USAGE +++ b/railties/lib/rails/commands/credentials/USAGE @@ -41,9 +41,18 @@ from leaking. === Environment Specific Credentials -It is possible to have credentials for each environment. If the file for current environment exists it will take -precedence over `config/credentials.yml.enc`, thus for `production` environment first look for -`config/credentials/production.yml.enc` that can be decrypted using master key taken from `ENV["RAILS_MASTER_KEY"]` -or stored in `config/credentials/production.key`. -To edit given file use command `rails credentials:edit --environment production` -Default paths can be overwritten by setting `config.credentials.content_path` and `config.credentials.key_path`. +The `credentials` command supports passing an `--environment` option to create an +environment specific override. That override will takes precedence over the +global `config/credentials.yml.enc` file when running in that environment. So: + + rails credentials:edit --environment development + +will create `config/credentials/development.yml.enc` with the corresponding +encryption key in `config/credentials/development.key` if the credentials file +doesn't exist. + +The encryption key can also be put in `ENV["RAILS_MASTER_KEY"]`, which takes +precedence over the file encryption key. + +In addition to that, the default credentials lookup paths can be overriden through +`config.credentials.content_path` and `config.credentials.key_path`. diff --git a/railties/lib/rails/commands/credentials/credentials_command.rb b/railties/lib/rails/commands/credentials/credentials_command.rb index 4b30d208e0..852cd401d7 100644 --- a/railties/lib/rails/commands/credentials/credentials_command.rb +++ b/railties/lib/rails/commands/credentials/credentials_command.rb @@ -24,13 +24,11 @@ module Rails ensure_editor_available(command: "bin/rails credentials:edit") || (return) - encrypted = Rails.application.encrypted(content_path, key_path: key_path) - - ensure_encryption_key_has_been_added(key_path) if encrypted.key.nil? - ensure_encrypted_file_has_been_added(content_path, key_path) + ensure_encryption_key_has_been_added if credentials.key.nil? + ensure_credentials_have_been_added catch_editing_exceptions do - change_encrypted_file_in_system_editor(content_path, key_path) + change_credentials_in_system_editor end say "File encrypted and saved." @@ -41,36 +39,46 @@ module Rails def show require_application_and_environment! - encrypted = Rails.application.encrypted(content_path, key_path: key_path) - - say encrypted.read.presence || missing_encrypted_message(key: encrypted.key, key_path: key_path, file_path: content_path) + say credentials.read.presence || missing_credentials_message end private - def content_path - options[:environment] ? "config/credentials/#{options[:environment]}.yml.enc" : "config/credentials.yml.enc" - end - - def key_path - options[:environment] ? "config/credentials/#{options[:environment]}.key" : "config/master.key" + def credentials + Rails.application.encrypted(content_path, key_path: key_path) end - - def ensure_encryption_key_has_been_added(key_path) + def ensure_encryption_key_has_been_added encryption_key_file_generator.add_key_file(key_path) encryption_key_file_generator.ignore_key_file(key_path) end - def ensure_encrypted_file_has_been_added(file_path, key_path) - encrypted_file_generator.add_encrypted_file_silently(file_path, key_path) + def ensure_credentials_have_been_added + encrypted_file_generator.add_encrypted_file_silently(content_path, key_path) end - def change_encrypted_file_in_system_editor(file_path, key_path) - Rails.application.encrypted(file_path, key_path: key_path).change do |tmp_path| + def change_credentials_in_system_editor + credentials.change do |tmp_path| system("#{ENV["EDITOR"]} #{tmp_path}") end end + def missing_credentials_message + if credentials.key.nil? + "Missing '#{key_path}' to decrypt credentials. See `rails credentials:help`" + else + "File '#{content_path}' does not exist. Use `rails credentials:edit` to change that." + end + end + + + def content_path + options[:environment] ? "config/credentials/#{options[:environment]}.yml.enc" : "config/credentials.yml.enc" + end + + def key_path + options[:environment] ? "config/credentials/#{options[:environment]}.key" : "config/master.key" + end + def encryption_key_file_generator require "rails/generators" @@ -85,14 +93,6 @@ module Rails Rails::Generators::EncryptedFileGenerator.new end - - def missing_encrypted_message(key:, key_path:, file_path:) - if key.nil? - "Missing '#{key_path}' to decrypt credentials. See `rails credentials:help`" - else - "File '#{file_path}' does not exist. Use `rails credentials:edit` to change that." - end - end end end end |