diff options
Diffstat (limited to 'railties')
-rw-r--r-- | railties/CHANGELOG.md | 5 | ||||
-rw-r--r-- | railties/lib/rails/application.rb | 11 | ||||
-rw-r--r-- | railties/lib/rails/generators/rails/app/templates/config/secrets.yml | 8 | ||||
-rw-r--r-- | railties/test/application/configuration_test.rb | 25 |
4 files changed, 46 insertions, 3 deletions
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md index 41fbf9044c..f3543d5dee 100644 --- a/railties/CHANGELOG.md +++ b/railties/CHANGELOG.md @@ -1,2 +1,7 @@ +## Rails 5.1.0.alpha ## + +* Added a shared section to config/secrets.yml that will be loaded for all environments. + + *DHH* Please check [5-0-stable](https://github.com/rails/rails/blob/5-0-stable/railties/CHANGELOG.md) for previous changes. diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb index ed106c9918..c383de3e06 100644 --- a/railties/lib/rails/application.rb +++ b/railties/lib/rails/application.rb @@ -385,11 +385,16 @@ module Rails def secrets @secrets ||= begin secrets = ActiveSupport::OrderedOptions.new - yaml = config.paths["config/secrets"].first + yaml = config.paths["config/secrets"].first + if File.exist?(yaml) require "erb" - all_secrets = YAML.load(ERB.new(IO.read(yaml)).result) || {} - env_secrets = all_secrets[Rails.env] + + all_secrets = YAML.load(ERB.new(IO.read(yaml)).result) || {} + shared_secrets = all_secrets['shared'] + env_secrets = all_secrets[Rails.env] + + secrets.merge!(shared_secrets.symbolize_keys) if shared_secrets secrets.merge!(env_secrets.symbolize_keys) if env_secrets end diff --git a/railties/lib/rails/generators/rails/app/templates/config/secrets.yml b/railties/lib/rails/generators/rails/app/templates/config/secrets.yml index cdea2fd060..8e995a5df1 100644 --- a/railties/lib/rails/generators/rails/app/templates/config/secrets.yml +++ b/railties/lib/rails/generators/rails/app/templates/config/secrets.yml @@ -10,6 +10,13 @@ # Make sure the secrets in this file are kept private # if you're sharing your code publicly. +# Shared secrets are available across all environments. + +shared: + api_key: 123 + +# Environmental secrets are only available for that specific environment. + development: secret_key_base: <%= app_secret %> @@ -18,5 +25,6 @@ test: # Do not keep production secrets in the repository, # instead read values from the environment. + production: secret_key_base: <%%= ENV["SECRET_KEY_BASE"] %> diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb index 9f3a9cd232..7ec25aeca1 100644 --- a/railties/test/application/configuration_test.rb +++ b/railties/test/application/configuration_test.rb @@ -555,6 +555,31 @@ module ApplicationTests assert_equal 'myamazonsecretaccesskey', app.secrets.aws_secret_access_key end + test "shared secrets saved in config/secrets.yml are loaded in app secrets" do + app_file 'config/secrets.yml', <<-YAML + shared: + api_key: 3b7cd727 + YAML + + app 'development' + + assert_equal '3b7cd727', app.secrets.api_key + end + + test "shared secrets will yield to environment specific secrets" do + app_file 'config/secrets.yml', <<-YAML + shared: + api_key: 3b7cd727 + + development: + api_key: abc12345 + YAML + + app 'development' + + assert_equal 'abc12345', app.secrets.api_key + end + test "blank config/secrets.yml does not crash the loading process" do app_file 'config/secrets.yml', <<-YAML YAML |