aboutsummaryrefslogtreecommitdiffstats
path: root/railties/lib/rails/secrets.rb
Commit message (Collapse)AuthorAgeFilesLines
* Deprecate encrypted secrets in favor of credentials.Kasper Timm Hansen2017-11-121-17/+0
| | | | | | | | Allow edits of existing encrypted secrets generated on Rails 5.1, but refer to credentials when attempting to setup. This also removes the need for any of the setup code, so the generator can be ripped out altogether.
* Fix indentation in the template for secretsYoshiyuki Hirano2017-08-231-1/+1
|
* Adding frozen_string_literal pragma to Railties.Pat Allan2017-08-141-0/+2
|
* Allow to edit secrets in mutiple apps at the same timeyuuji.yaginuma2017-07-131-1/+2
| | | | | | | | | | | In encrypted secrets, the tmp file is used as a fixed file (`secrets.yml.enc` under the tmp directory). And that tmp file will be removed after process. Therefore, if edit secrets at the same time with multiple applications, the tmp file was conflicting. In order to avoid the above issue, added pid to tmp file.
* Treat secrets as binaryyuuji.yaginuma2017-07-091-2/+2
| | | | | | | | | | | | | | | | | Until Rails 5.1.1 secrets was treated as binary inside Rails. https://github.com/rails/rails/blob/v5.1.1/railties/lib/rails/secrets.rb#L59 https://github.com/rails/rails/blob/v5.1.1/railties/lib/rails/secrets.rb#L63 However, it is treated as String in Rails 5.1.2(changed by 157db872103429e8782b62d1cb5d1d91337177a7). https://github.com/rails/rails/blob/v5.1.2/railties/lib/rails/secrets.rb#L104 https://github.com/rails/rails/blob/v5.1.2/railties/lib/rails/secrets.rb#L108 As a result, when upgrading from Rails 5.1.1 to 5.1.2, to write the value treated as binary using `File.write`, causing an error. In order to avoid `UndefinedConversionError`, fixed it to treat it as binary like 5.1.1. Fixes #29696
* Do not update `secrets.yml.enc` when secretes do not changeyuuji.yaginuma2017-07-071-1/+3
| | | | | | | | | | | Currently, if open a file with `secrets:edit` command, `secrets.yml.enc` will be changed even if its contents do not change. Therefore, even if only want to check secrets, the difference will come out. This is a little inconvenient. As a fix to the above problem, when content does not change, `secrets.yml.ecn` is fixed so that it is not changed.
* Revert "Merge pull request #29540 from kirs/rubocop-frozen-string"Matthew Draper2017-07-021-1/+0
| | | | | This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
* Enforce frozen string in RubocopKir Shatrov2017-07-011-0/+1
|
* Do not use UTF8 in test SecretsCommandTest#test_edit_secretsPavel Valena2017-05-301-1/+1
|
* Reorder first secrets edit flow.Kasper Timm Hansen2017-05-251-8/+26
| | | | | | Setup config/secrets.yml.enc with template contents for people to edit. Then generate encryption key and encrypt the initial secrets.
* Use the config value directly when call `secrets`yuuji.yaginuma2017-04-161-8/+2
| | | | | | | | | | | Currently, `read_encrypted_secrets` is set with initializer. Therefore if refer to `secrets` in config, `read_encrypted_secrets` is false, so can not get the value of `secrets.yml.enc`. In order to be able to refer to secrets in config, modified to refer to `config.read_encrypted_secrets` when calling `secrets`. Fixes #28618.
* Inline CIPHER constant.Kasper Timm Hansen2017-03-021-6/+3
|
* Move key packing into encryptor.Kasper Timm Hansen2017-03-021-3/+2
|
* Add back yaml require.Kasper Timm Hansen2017-03-021-0/+1
|
* Default Secrets to AES-128-GCM, using ActiveSupport::MessageEncryptorStephen Touset2017-03-011-15/+13
| | | | Fixes #28135.
* Revert "Revert "Add encrypted secrets""Kasper Timm Hansen2017-02-231-0/+111
|
* Revert "Add encrypted secrets" (#28127)David Heinemeier Hansson2017-02-231-111/+0
|
* Add encrypted secrets (#28038)Kasper Timm Hansen2017-02-231-0/+111