diff options
Diffstat (limited to 'railties/lib/rails/commands/secrets')
| -rw-r--r-- | railties/lib/rails/commands/secrets/USAGE | 6 | ||||
| -rw-r--r-- | railties/lib/rails/commands/secrets/secrets_command.rb | 21 |
2 files changed, 13 insertions, 14 deletions
diff --git a/railties/lib/rails/commands/secrets/USAGE b/railties/lib/rails/commands/secrets/USAGE index 96e322fe91..e205cdc001 100644 --- a/railties/lib/rails/commands/secrets/USAGE +++ b/railties/lib/rails/commands/secrets/USAGE @@ -7,7 +7,7 @@ with the code. === Setup -Run `bin/rails secrets:setup` to opt in and generate the `config/secrets.yml.key` +Run `rails secrets:setup` to opt in and generate the `config/secrets.yml.key` and `config/secrets.yml.enc` files. The latter contains all the keys to be encrypted while the former holds the @@ -45,12 +45,12 @@ the key. Add this: config.read_encrypted_secrets = true -to the environment you'd like to read encrypted secrets. `bin/rails secrets:setup` +to the environment you'd like to read encrypted secrets. `rails secrets:setup` inserts this into the production environment by default. === Editing Secrets -After `bin/rails secrets:setup`, run `bin/rails secrets:edit`. +After `rails secrets:setup`, run `rails secrets:edit`. That command opens a temporary file in `$EDITOR` with the decrypted contents of `config/secrets.yml.enc` to edit the encrypted secrets. diff --git a/railties/lib/rails/commands/secrets/secrets_command.rb b/railties/lib/rails/commands/secrets/secrets_command.rb index c91139e33b..2eebc0f35f 100644 --- a/railties/lib/rails/commands/secrets/secrets_command.rb +++ b/railties/lib/rails/commands/secrets/secrets_command.rb @@ -15,14 +15,14 @@ module Rails end def setup - generator.start + deprecate_in_favor_of_credentials_and_exit end def edit if ENV["EDITOR"].to_s.empty? say "No $EDITOR to open decrypted secrets in. Assign one like this:" say "" - say %(EDITOR="mate --wait" bin/rails secrets:edit) + say %(EDITOR="mate --wait" rails secrets:edit) say "" say "For editors that fork and exit immediately, it's important to pass a wait flag," say "otherwise the secrets will be saved immediately with no chance to edit." @@ -42,11 +42,10 @@ module Rails rescue Rails::Secrets::MissingKeyError => error say error.message rescue Errno::ENOENT => error - raise unless error.message =~ /secrets\.yml\.enc/ - - Rails::Secrets.read_template_for_editing do |tmp_path| - system("#{ENV["EDITOR"]} #{tmp_path}") - generator.skip_secrets_file { setup } + if /secrets\.yml\.enc/.match?(error.message) + deprecate_in_favor_of_credentials_and_exit + else + raise end end @@ -55,11 +54,11 @@ module Rails end private - def generator - require "rails/generators" - require "rails/generators/rails/encrypted_secrets/encrypted_secrets_generator" + def deprecate_in_favor_of_credentials_and_exit + say "Encrypted secrets is deprecated in favor of credentials. Run:" + say "rails credentials:help" - Rails::Generators::EncryptedSecretsGenerator + exit 1 end end end |