aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--railties/CHANGELOG.md5
-rw-r--r--railties/lib/rails/application.rb11
-rw-r--r--railties/lib/rails/generators/rails/app/templates/config/secrets.yml8
-rw-r--r--railties/test/application/configuration_test.rb25
4 files changed, 46 insertions, 3 deletions
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md
index 41fbf9044c..f3543d5dee 100644
--- a/railties/CHANGELOG.md
+++ b/railties/CHANGELOG.md
@@ -1,2 +1,7 @@
+## Rails 5.1.0.alpha ##
+
+* Added a shared section to config/secrets.yml that will be loaded for all environments.
+
+ *DHH*
Please check [5-0-stable](https://github.com/rails/rails/blob/5-0-stable/railties/CHANGELOG.md) for previous changes.
diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb
index ed106c9918..c383de3e06 100644
--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@@ -385,11 +385,16 @@ module Rails
def secrets
@secrets ||= begin
secrets = ActiveSupport::OrderedOptions.new
- yaml = config.paths["config/secrets"].first
+ yaml = config.paths["config/secrets"].first
+
if File.exist?(yaml)
require "erb"
- all_secrets = YAML.load(ERB.new(IO.read(yaml)).result) || {}
- env_secrets = all_secrets[Rails.env]
+
+ all_secrets = YAML.load(ERB.new(IO.read(yaml)).result) || {}
+ shared_secrets = all_secrets['shared']
+ env_secrets = all_secrets[Rails.env]
+
+ secrets.merge!(shared_secrets.symbolize_keys) if shared_secrets
secrets.merge!(env_secrets.symbolize_keys) if env_secrets
end
diff --git a/railties/lib/rails/generators/rails/app/templates/config/secrets.yml b/railties/lib/rails/generators/rails/app/templates/config/secrets.yml
index cdea2fd060..8e995a5df1 100644
--- a/railties/lib/rails/generators/rails/app/templates/config/secrets.yml
+++ b/railties/lib/rails/generators/rails/app/templates/config/secrets.yml
@@ -10,6 +10,13 @@
# Make sure the secrets in this file are kept private
# if you're sharing your code publicly.
+# Shared secrets are available across all environments.
+
+shared:
+ api_key: 123
+
+# Environmental secrets are only available for that specific environment.
+
development:
secret_key_base: <%= app_secret %>
@@ -18,5 +25,6 @@ test:
# Do not keep production secrets in the repository,
# instead read values from the environment.
+
production:
secret_key_base: <%%= ENV["SECRET_KEY_BASE"] %>
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index 9f3a9cd232..7ec25aeca1 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -555,6 +555,31 @@ module ApplicationTests
assert_equal 'myamazonsecretaccesskey', app.secrets.aws_secret_access_key
end
+ test "shared secrets saved in config/secrets.yml are loaded in app secrets" do
+ app_file 'config/secrets.yml', <<-YAML
+ shared:
+ api_key: 3b7cd727
+ YAML
+
+ app 'development'
+
+ assert_equal '3b7cd727', app.secrets.api_key
+ end
+
+ test "shared secrets will yield to environment specific secrets" do
+ app_file 'config/secrets.yml', <<-YAML
+ shared:
+ api_key: 3b7cd727
+
+ development:
+ api_key: abc12345
+ YAML
+
+ app 'development'
+
+ assert_equal 'abc12345', app.secrets.api_key
+ end
+
test "blank config/secrets.yml does not crash the loading process" do
app_file 'config/secrets.yml', <<-YAML
YAML
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-05 16:55:22 +0000