diff options
Diffstat (limited to 'railties/lib')
5 files changed, 18 insertions, 20 deletions
diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb index 6ce8b0b2d9..abfec90b6d 100644 --- a/railties/lib/rails/application.rb +++ b/railties/lib/rails/application.rb @@ -403,12 +403,12 @@ module Rails end # The secret_key_base is used as the input secret to the application's key generator, which in turn - # is used to create all the MessageVerfiers, including the one that signs and encrypts cookies. + # is used to create all MessageVerifiers/MessageEncryptors, including the ones that sign and encrypt cookies. # # In test and development, this is simply derived as a MD5 hash of the application's name. # # In all other environments, we look for it first in ENV["SECRET_KEY_BASE"], - # then credentials[:secret_key_base], and finally secrets.secret_key_base. For most applications, + # then credentials.secret_key_base, and finally secrets.secret_key_base. For most applications, # the correct place to store it is in the encrypted credentials file. def secret_key_base if Rails.env.test? || Rails.env.development? diff --git a/railties/lib/rails/commands/credentials/USAGE b/railties/lib/rails/commands/credentials/USAGE index 5bd9f940fd..85877c71b7 100644 --- a/railties/lib/rails/commands/credentials/USAGE +++ b/railties/lib/rails/commands/credentials/USAGE @@ -10,7 +10,7 @@ to get everything working as the keys are shipped with the code. === Setup Applications after Rails 5.2 automatically have a basic credentials file generated -that just contains the secret_key_base used by the MessageVerifiers, like the one +that just contains the secret_key_base used by MessageVerifiers/MessageEncryptors, like the ones signing and encrypting cookies. For applications created prior to Rails 5.2, we'll automatically generate a new diff --git a/railties/lib/rails/commands/credentials/credentials_command.rb b/railties/lib/rails/commands/credentials/credentials_command.rb index 39a4e3c833..88fb032d84 100644 --- a/railties/lib/rails/commands/credentials/credentials_command.rb +++ b/railties/lib/rails/commands/credentials/credentials_command.rb @@ -53,7 +53,6 @@ module Rails def ensure_master_key_has_been_added master_key_generator.add_master_key_file - master_key_generator.ignore_master_key_file end def ensure_credentials_have_been_added diff --git a/railties/lib/rails/generators/rails/app/templates/gitignore b/railties/lib/rails/generators/rails/app/templates/gitignore index c37f01a848..83a7b211aa 100644 --- a/railties/lib/rails/generators/rails/app/templates/gitignore +++ b/railties/lib/rails/generators/rails/app/templates/gitignore @@ -7,9 +7,6 @@ # Ignore bundler config. /.bundle -# Ignore master key for decrypting credentials and more. -/config/master.key - <% if sqlite3? -%> # Ignore the default SQLite database. /db/*.sqlite3 diff --git a/railties/lib/rails/generators/rails/master_key/master_key_generator.rb b/railties/lib/rails/generators/rails/master_key/master_key_generator.rb index 36a0b69e76..a79e83495a 100644 --- a/railties/lib/rails/generators/rails/master_key/master_key_generator.rb +++ b/railties/lib/rails/generators/rails/master_key/master_key_generator.rb @@ -22,6 +22,8 @@ module Rails say "" add_master_key_file_silently key say "" + + ignore_master_key_file end end @@ -29,24 +31,24 @@ module Rails create_file MASTER_KEY_PATH, key || ActiveSupport::EncryptedFile.generate_key end - def ignore_master_key_file - if File.exist?(".gitignore") - unless File.read(".gitignore").include?(key_ignore) - say "Ignoring #{MASTER_KEY_PATH} so it won't end up in Git history:" - say "" - append_to_file ".gitignore", key_ignore + private + def ignore_master_key_file + if File.exist?(".gitignore") + unless File.read(".gitignore").include?(key_ignore) + say "Ignoring #{MASTER_KEY_PATH} so it won't end up in Git history:" + say "" + append_to_file ".gitignore", key_ignore + say "" + end + else + say "IMPORTANT: Don't commit #{MASTER_KEY_PATH}. Add this to your ignore file:" + say key_ignore, :on_green say "" end - else - say "IMPORTANT: Don't commit #{MASTER_KEY_PATH}. Add this to your ignore file:" - say key_ignore, :on_green - say "" end - end - private def key_ignore - [ "", "# Ignore master key for decrypting credentials and more.", MASTER_KEY_PATH, "" ].join("\n") + [ "", "# Ignore master key for decrypting credentials and more.", "/#{MASTER_KEY_PATH}", "" ].join("\n") end end end |