diff options
| author | Kasper Timm Hansen <kaspth@gmail.com> | 2017-11-15 21:31:50 +0100 |
|---|---|---|
| committer | Kasper Timm Hansen <kaspth@gmail.com> | 2017-11-15 21:31:57 +0100 |
| commit | 68479d09ba6bbd583055672eb70518c1586ae534 (patch) | |
| tree | 81f7864cc1340921037fdd6c35642e105aaa04ea /railties/lib/rails/generators | |
| parent | 415d0543a527dcd2e099dcd819c6938f3dcac54a (diff) | |
| parent | 7a8728a03986489e1c843ed850afc2c16fb6eb06 (diff) | |
| download | rails-68479d09ba6bbd583055672eb70518c1586ae534.tar.gz rails-68479d09ba6bbd583055672eb70518c1586ae534.tar.bz2 rails-68479d09ba6bbd583055672eb70518c1586ae534.zip | |
Merge branch 'freeletics-manage-multiple-credential-files'
Fixes https://github.com/rails/rails/pull/30940
Diffstat (limited to 'railties/lib/rails/generators')
3 files changed, 100 insertions, 15 deletions
diff --git a/railties/lib/rails/generators/rails/encrypted_file/encrypted_file_generator.rb b/railties/lib/rails/generators/rails/encrypted_file/encrypted_file_generator.rb new file mode 100644 index 0000000000..ddce5f6fe2 --- /dev/null +++ b/railties/lib/rails/generators/rails/encrypted_file/encrypted_file_generator.rb @@ -0,0 +1,38 @@ +# frozen_string_literal: true + +require "rails/generators/base" +require "active_support/encrypted_file" + +module Rails + module Generators + class EncryptedFileGenerator < Base + def add_encrypted_file(file_path, key_path) + unless File.exist?(file_path) + say "Adding #{file_path} to store encrypted content." + say "" + say "The following content has been encrypted with the encryption key:" + say "" + say template, :on_green + say "" + + add_encrypted_file_silently(file_path, key_path) + + say "You can edit encrypted file with `bin/rails encrypted:edit #{file_path}`." + say "" + end + end + + def add_encrypted_file_silently(file_path, key_path, template = encrypted_file_template) + unless File.exist?(file_path) + setup = { content_path: file_path, key_path: key_path, env_key: "RAILS_MASTER_KEY" } + ActiveSupport::EncryptedFile.new(setup).write(template) + end + end + + private + def encrypted_file_template + "# aws:\n# access_key_id: 123\n# secret_access_key: 345\n\n" + end + end + end +end diff --git a/railties/lib/rails/generators/rails/encryption_key_file/encryption_key_file_generator.rb b/railties/lib/rails/generators/rails/encryption_key_file/encryption_key_file_generator.rb new file mode 100644 index 0000000000..dd0d0c6c66 --- /dev/null +++ b/railties/lib/rails/generators/rails/encryption_key_file/encryption_key_file_generator.rb @@ -0,0 +1,53 @@ +# frozen_string_literal: true + +require "pathname" +require "rails/generators/base" +require "active_support/encrypted_file" + +module Rails + module Generators + class EncryptionKeyFileGenerator < Base + def add_key_file(key_path) + key_path = Pathname.new(key_path) + + unless key_path.exist? + key = ActiveSupport::EncryptedFile.generate_key + + log "Adding #{key_path} to store the encryption key: #{key}" + log "" + log "Save this in a password manager your team can access." + log "" + log "If you lose the key, no one, including you, can access anything encrypted with it." + + log "" + add_key_file_silently(key_path, key) + log "" + end + end + + def add_key_file_silently(key_path, key = nil) + create_file key_path, key || ActiveSupport::EncryptedFile.generate_key + end + + def ignore_key_file(key_path, ignore: key_ignore(key_path)) + if File.exist?(".gitignore") + unless File.read(".gitignore").include?(ignore) + log "Ignoring #{key_path} so it won't end up in Git history:" + log "" + append_to_file ".gitignore", ignore + log "" + end + else + log "IMPORTANT: Don't commit #{key_path}. Add this to your ignore file:" + log ignore, :on_green + log "" + end + end + + private + def key_ignore(key_path) + [ "", "/#{key_path}", "" ].join("\n") + end + end + end +end diff --git a/railties/lib/rails/generators/rails/master_key/master_key_generator.rb b/railties/lib/rails/generators/rails/master_key/master_key_generator.rb index 29d83f5d81..e57f07c1ae 100644 --- a/railties/lib/rails/generators/rails/master_key/master_key_generator.rb +++ b/railties/lib/rails/generators/rails/master_key/master_key_generator.rb @@ -1,7 +1,8 @@ # frozen_string_literal: true -require "rails/generators/base" require "pathname" +require "rails/generators/base" +require "rails/generators/rails/encryption_key_file/encryption_key_file_generator" require "active_support/encrypted_file" module Rails @@ -20,31 +21,24 @@ module Rails log "If you lose the key, no one, including you, can access anything encrypted with it." log "" - add_master_key_file_silently key + add_master_key_file_silently(key) log "" end end def add_master_key_file_silently(key = nil) - create_file MASTER_KEY_PATH, key || ActiveSupport::EncryptedFile.generate_key + key_file_generator.add_key_file_silently(MASTER_KEY_PATH, key) end def ignore_master_key_file - if File.exist?(".gitignore") - unless File.read(".gitignore").include?(key_ignore) - log "Ignoring #{MASTER_KEY_PATH} so it won't end up in Git history:" - log "" - append_to_file ".gitignore", key_ignore - log "" - end - else - log "IMPORTANT: Don't commit #{MASTER_KEY_PATH}. Add this to your ignore file:" - log key_ignore, :on_green - log "" - end + key_file_generator.ignore_key_file(MASTER_KEY_PATH, ignore: key_ignore) end private + def key_file_generator + EncryptionKeyFileGenerator.new + end + def key_ignore [ "", "# Ignore master key for decrypting credentials and more.", "/#{MASTER_KEY_PATH}", "" ].join("\n") end |