3 files changed, 95 insertions, 31 deletions

diff --git a/railties/lib/rails/commands/credentials/credentials_command.rb b/railties/lib/rails/commands/credentials/credentials_command.rb
index 1ef7c1f343..8085f07c2b 100644
--- a/railties/lib/rails/commands/credentials/credentials_command.rb
+++ b/railties/lib/rails/commands/credentials/credentials_command.rb
@@ -1,10 +1,13 @@
 # frozen_string_literal: true
 
 require "active_support"
+require "rails/command/helpers/editor"
 
 module Rails
   module Command
     class CredentialsCommand < Rails::Command::Base # :nodoc:
+      include Helpers::Editor
+
       no_commands do
         def help
           say "Usage:\n  #{self.class.banner}"
@@ -16,43 +19,28 @@ module Rails
       def edit
         require_application_and_environment!
 
-        ensure_editor_available || (return)
+        ensure_editor_available(command: "bin/rails credentials:edit") || (return)
         ensure_master_key_has_been_added
         ensure_credentials_have_been_added
 
-        change_credentials_in_system_editor
+        catch_editing_exceptions do
+          change_credentials_in_system_editor
+        end
 
         say "New credentials encrypted and saved."
-      rescue Interrupt
-        say "Aborted changing credentials: nothing saved."
-      rescue ActiveSupport::EncryptedFile::MissingKeyError => error
-        say error.message
       end
 
       def show
         require_application_and_environment!
+
         say Rails.application.credentials.read.presence ||
           "No credentials have been added yet. Use bin/rails credentials:edit to change that."
       end
 
       private
-        def ensure_editor_available
-          if ENV["EDITOR"].to_s.empty?
-            say "No $EDITOR to open credentials in. Assign one like this:"
-            say ""
-            say %(EDITOR="mate --wait" bin/rails credentials:edit)
-            say ""
-            say "For editors that fork and exit immediately, it's important to pass a wait flag,"
-            say "otherwise the credentials will be saved immediately with no chance to edit."
-
-            false
-          else
-            true
-          end
-        end
-
         def ensure_master_key_has_been_added
           master_key_generator.add_master_key_file
+          master_key_generator.ignore_master_key_file
         end
 
         def ensure_credentials_have_been_added
diff --git a/railties/lib/rails/commands/encrypted/encrypted_command.rb b/railties/lib/rails/commands/encrypted/encrypted_command.rb
new file mode 100644
index 0000000000..898094f1a4
--- /dev/null
+++ b/railties/lib/rails/commands/encrypted/encrypted_command.rb
@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+require "pathname"
+require "active_support"
+require "rails/command/helpers/editor"
+
+module Rails
+  module Command
+    class EncryptedCommand < Rails::Command::Base # :nodoc:
+      include Helpers::Editor
+
+      class_option :key, aliases: "-k", type: :string,
+        default: "config/master.key", desc: "The Rails.root relative path to the encryption key"
+
+      no_commands do
+        def help
+          say "Usage:\n  #{self.class.banner}"
+          say ""
+        end
+      end
+
+      def edit(file_path)
+        require_application_and_environment!
+
+        ensure_editor_available(command: "bin/rails encrypted:edit") || (return)
+        ensure_encryption_key_has_been_added(options[:key])
+        ensure_encrypted_file_has_been_added(file_path, options[:key])
+
+        catch_editing_exceptions do
+          change_encrypted_file_in_system_editor(file_path, options[:key])
+        end
+
+        say "File encrypted and saved."
+      rescue ActiveSupport::MessageEncryptor::InvalidMessage
+        say "Couldn't decrypt #{file_path}. Perhaps you passed the wrong key?"
+      end
+
+      def show(file_path)
+        require_application_and_environment!
+
+        say Rails.application.encrypted(file_path, key_path: options[:key]).read.presence ||
+          "File '#{file_path}' does not exist. Use bin/rails encrypted:edit #{file_path} to change that."
+      end
+
+      private
+        def ensure_encryption_key_has_been_added(key_path)
+          encryption_key_file_generator.add_key_file(key_path)
+          encryption_key_file_generator.ignore_key_file(key_path)
+        end
+
+        def ensure_encrypted_file_has_been_added(file_path, key_path)
+          encrypted_file_generator.add_encrypted_file_silently(file_path, key_path)
+        end
+
+        def change_encrypted_file_in_system_editor(file_path, key_path)
+          Rails.application.encrypted(file_path, key_path: key_path).change do |tmp_path|
+            system("#{ENV["EDITOR"]} #{tmp_path}")
+          end
+        end
+
+
+        def encryption_key_file_generator
+          require "rails/generators"
+          require "rails/generators/rails/encryption_key_file/encryption_key_file_generator"
+
+          Rails::Generators::EncryptionKeyFileGenerator.new
+        end
+
+        def encrypted_file_generator
+          require "rails/generators"
+          require "rails/generators/rails/encrypted_file/encrypted_file_generator"
+
+          Rails::Generators::EncryptedFileGenerator.new
+        end
+    end
+  end
+end
diff --git a/railties/lib/rails/commands/secrets/secrets_command.rb b/railties/lib/rails/commands/secrets/secrets_command.rb
index c91139e33b..73a88767e2 100644
--- a/railties/lib/rails/commands/secrets/secrets_command.rb
+++ b/railties/lib/rails/commands/secrets/secrets_command.rb
@@ -15,7 +15,7 @@ module Rails
       end
 
       def setup
-        generator.start
+        deprecate_in_favor_of_credentials_and_exit
       end
 
       def edit
@@ -42,11 +42,10 @@ module Rails
       rescue Rails::Secrets::MissingKeyError => error
         say error.message
       rescue Errno::ENOENT => error
-        raise unless error.message =~ /secrets\.yml\.enc/
-
-        Rails::Secrets.read_template_for_editing do |tmp_path|
-          system("#{ENV["EDITOR"]} #{tmp_path}")
-          generator.skip_secrets_file { setup }
+        if error.message =~ /secrets\.yml\.enc/
+          deprecate_in_favor_of_credentials_and_exit
+        else
+          raise
         end
       end
 
@@ -55,11 +54,11 @@ module Rails
       end
 
       private
-        def generator
-          require "rails/generators"
-          require "rails/generators/rails/encrypted_secrets/encrypted_secrets_generator"
+        def deprecate_in_favor_of_credentials_and_exit
+          say "Encrypted secrets is deprecated in favor of credentials. Run:"
+          say "bin/rails credentials --help"
 
-          Rails::Generators::EncryptedSecretsGenerator
+          exit 1
         end
     end
   end