diff options
Diffstat (limited to 'railties/lib/rails/commands/secrets')
-rw-r--r-- | railties/lib/rails/commands/secrets/USAGE | 8 | ||||
-rw-r--r-- | railties/lib/rails/commands/secrets/secrets_command.rb | 39 |
2 files changed, 36 insertions, 11 deletions
diff --git a/railties/lib/rails/commands/secrets/USAGE b/railties/lib/rails/commands/secrets/USAGE index 4b7deb4e2a..96e322fe91 100644 --- a/railties/lib/rails/commands/secrets/USAGE +++ b/railties/lib/rails/commands/secrets/USAGE @@ -40,6 +40,14 @@ be encrypted. A `shared:` top level key is also supported such that any keys there is merged into the other environments. +Additionally, Rails won't read encrypted secrets out of the box even if you have +the key. Add this: + + config.read_encrypted_secrets = true + +to the environment you'd like to read encrypted secrets. `bin/rails secrets:setup` +inserts this into the production environment by default. + === Editing Secrets After `bin/rails secrets:setup`, run `bin/rails secrets:edit`. diff --git a/railties/lib/rails/commands/secrets/secrets_command.rb b/railties/lib/rails/commands/secrets/secrets_command.rb index b9ae5d8b3b..45e02fa730 100644 --- a/railties/lib/rails/commands/secrets/secrets_command.rb +++ b/railties/lib/rails/commands/secrets/secrets_command.rb @@ -1,20 +1,19 @@ require "active_support" -require "rails/secrets" +require_relative "../../secrets" module Rails module Command class SecretsCommand < Rails::Command::Base # :nodoc: - def help - say "Usage:\n #{self.class.banner}" - say "" - say self.class.desc + no_commands do + def help + say "Usage:\n #{self.class.banner}" + say "" + say self.class.desc + end end def setup - require "rails/generators" - require "rails/generators/rails/encrypted_secrets/encrypted_secrets_generator" - - Rails::Generators::EncryptedSecretsGenerator.start + generator.start end def edit @@ -32,8 +31,7 @@ module Rails require_application_and_environment! Rails::Secrets.read_for_editing do |tmp_path| - say "Waiting for secrets file to be saved. Abort with Ctrl-C." - system("\$EDITOR #{tmp_path}") + system("#{ENV["EDITOR"]} #{tmp_path}") end say "New secrets encrypted and saved." @@ -41,7 +39,26 @@ module Rails say "Aborted changing encrypted secrets: nothing saved." rescue Rails::Secrets::MissingKeyError => error say error.message + rescue Errno::ENOENT => error + raise unless error.message =~ /secrets\.yml\.enc/ + + Rails::Secrets.read_template_for_editing do |tmp_path| + system("#{ENV["EDITOR"]} #{tmp_path}") + generator.skip_secrets_file { setup } + end end + + def show + say Rails::Secrets.read + end + + private + def generator + require_relative "../../generators" + require_relative "../../generators/rails/encrypted_secrets/encrypted_secrets_generator" + + Rails::Generators::EncryptedSecretsGenerator + end end end end |