From 11660945696155c86a05260795e1a0afce0d291d Mon Sep 17 00:00:00 2001
From: Kasper Timm Hansen
Date: Thu, 23 Feb 2017 15:01:02 +0100
Subject: Add encrypted secrets (#28038)
---
.../lib/rails/commands/secrets/secrets_command.rb | 50 ++++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 railties/lib/rails/commands/secrets/secrets_command.rb
(limited to 'railties/lib/rails/commands/secrets/secrets_command.rb')
diff --git a/railties/lib/rails/commands/secrets/secrets_command.rb b/railties/lib/rails/commands/secrets/secrets_command.rb
new file mode 100644
index 0000000000..05e0c228e8
--- /dev/null
+++ b/railties/lib/rails/commands/secrets/secrets_command.rb
@@ -0,0 +1,50 @@
+require "active_support"
+require "rails/secrets"
+
+module Rails
+ module Command
+ class SecretsCommand < Rails::Command::Base # :nodoc:
+ def help
+ say "Usage:\n #{self.class.banner}"
+ say ""
+ say self.class.desc
+ end
+
+ def setup
+ require "rails/generators"
+ require "rails/generators/rails/encrypted_secrets/encrypted_secrets_generator"
+
+ Rails::Generators::EncryptedSecretsGenerator.start
+ end
+
+ def edit
+ require_application_and_environment!
+
+ Rails::Secrets.read_for_editing do |tmp_path|
+ watch tmp_path do
+ puts "Waiting for secrets file to be saved. Abort with Ctrl-C."
+ system("\$EDITOR #{tmp_path}")
+ end
+ end
+
+ puts "New secrets encrypted and saved."
+ rescue Interrupt
+ puts "Aborted changing encrypted secrets: nothing saved."
+ rescue Rails::Secrets::MissingKeyError => error
+ say error.message
+ end
+
+ private
+ def watch(tmp_path)
+ mtime, start_time = File.mtime(tmp_path), Time.now
+
+ yield
+
+ editor_exits_after_open = $?.success? && (Time.now - start_time) < 1
+ if editor_exits_after_open
+ sleep 0.250 until File.mtime(tmp_path) != mtime
+ end
+ end
+ end
+ end
+end
-- cgit v1.2.3
From 039380e3eeb24ed17f1824183b94638f0cfff747 Mon Sep 17 00:00:00 2001
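Review bot: The editor command in `edit` interpolates `tmp_path` into a shell string unquoted, `system("\$EDITOR #{tmp_path}")`, so a temp directory whose path contains a space or a shell metacharacter splits or rewrites the command that is handed the decrypted secrets. Letting the shell expand `$EDITOR` is what allows an editor value that carries a wait flag, so keep that part and escape only the path: `system("\$EDITOR #{Shellwords.escape(tmp_path)}")`, with `require "shellwords"` beside the other requires. Where `tmp_path` comes from is not visible here (it is yielded by `Rails::Secrets.read_for_editing`), so how much of it the environment controls is an assumption to confirm. The same line is carried unchanged by the re-add in commit fbee4e3 and is still present after the edits in 9fdf326 and 84bc9a5 on this page.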
From: David Heinemeier Hansson
Date: Thu, 23 Feb 2017 15:55:15 +0100
Subject: Revert "Add encrypted secrets" (#28127)
---
.../lib/rails/commands/secrets/secrets_command.rb | 50 ----------------------
1 file changed, 50 deletions(-)
delete mode 100644 railties/lib/rails/commands/secrets/secrets_command.rb
(limited to 'railties/lib/rails/commands/secrets/secrets_command.rb')
diff --git a/railties/lib/rails/commands/secrets/secrets_command.rb b/railties/lib/rails/commands/secrets/secrets_command.rb
deleted file mode 100644
index 05e0c228e8..0000000000
--- a/railties/lib/rails/commands/secrets/secrets_command.rb
+++ /dev/null
@@ -1,50 +0,0 @@
-require "active_support"
-require "rails/secrets"
-
-module Rails
- module Command
- class SecretsCommand < Rails::Command::Base # :nodoc:
- def help
- say "Usage:\n #{self.class.banner}"
- say ""
- say self.class.desc
- end
-
- def setup
- require "rails/generators"
- require "rails/generators/rails/encrypted_secrets/encrypted_secrets_generator"
-
- Rails::Generators::EncryptedSecretsGenerator.start
- end
-
- def edit
- require_application_and_environment!
-
- Rails::Secrets.read_for_editing do |tmp_path|
- watch tmp_path do
- puts "Waiting for secrets file to be saved. Abort with Ctrl-C."
- system("\$EDITOR #{tmp_path}")
- end
- end
-
- puts "New secrets encrypted and saved."
- rescue Interrupt
- puts "Aborted changing encrypted secrets: nothing saved."
- rescue Rails::Secrets::MissingKeyError => error
- say error.message
- end
-
- private
- def watch(tmp_path)
- mtime, start_time = File.mtime(tmp_path), Time.now
-
- yield
-
- editor_exits_after_open = $?.success? && (Time.now - start_time) < 1
- if editor_exits_after_open
- sleep 0.250 until File.mtime(tmp_path) != mtime
- end
- end
- end
- end
-end
-- cgit v1.2.3
From fbee4e3ce37674eb928298490a35d3dfd1921e67 Mon Sep 17 00:00:00 2001
From: Kasper Timm Hansen
Date: Thu, 23 Feb 2017 18:15:28 +0100
Subject: Revert "Revert "Add encrypted secrets""
---
.../lib/rails/commands/secrets/secrets_command.rb | 50 ++++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 railties/lib/rails/commands/secrets/secrets_command.rb
(limited to 'railties/lib/rails/commands/secrets/secrets_command.rb')
diff --git a/railties/lib/rails/commands/secrets/secrets_command.rb b/railties/lib/rails/commands/secrets/secrets_command.rb
new file mode 100644
index 0000000000..05e0c228e8
--- /dev/null
+++ b/railties/lib/rails/commands/secrets/secrets_command.rb
@@ -0,0 +1,50 @@
+require "active_support"
+require "rails/secrets"
+
+module Rails
+ module Command
+ class SecretsCommand < Rails::Command::Base # :nodoc:
+ def help
+ say "Usage:\n #{self.class.banner}"
+ say ""
+ say self.class.desc
+ end
+
+ def setup
+ require "rails/generators"
+ require "rails/generators/rails/encrypted_secrets/encrypted_secrets_generator"
+
+ Rails::Generators::EncryptedSecretsGenerator.start
+ end
+
+ def edit
+ require_application_and_environment!
+
+ Rails::Secrets.read_for_editing do |tmp_path|
+ watch tmp_path do
+ puts "Waiting for secrets file to be saved. Abort with Ctrl-C."
+ system("\$EDITOR #{tmp_path}")
+ end
+ end
+
+ puts "New secrets encrypted and saved."
+ rescue Interrupt
+ puts "Aborted changing encrypted secrets: nothing saved."
+ rescue Rails::Secrets::MissingKeyError => error
+ say error.message
+ end
+
+ private
+ def watch(tmp_path)
+ mtime, start_time = File.mtime(tmp_path), Time.now
+
+ yield
+
+ editor_exits_after_open = $?.success? && (Time.now - start_time) < 1
+ if editor_exits_after_open
+ sleep 0.250 until File.mtime(tmp_path) != mtime
+ end
+ end
+ end
+ end
+end
-- cgit v1.2.3
From 9fdf326a5f6f7e10594dd6205cfc8e0425fb3e67 Mon Sep 17 00:00:00 2001
From: Kasper Timm Hansen Date: Thu, 23 Feb 2017 18:47:23 +0100 Subject: Yank the intricate immediately-exiting editor recognition. Most editors support a wait flag of some kind which prevents their process from exiting until the file or window is closed. Prefer people to assign that themselves than us mucking around with File mtimes or other such things. Example of an editor config: ``` export EDITOR="atom --wait" ``` --- railties/lib/rails/commands/secrets/secrets_command.rb | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) (limited to 'railties/lib/rails/commands/secrets/secrets_command.rb') diff --git a/railties/lib/rails/commands/secrets/secrets_command.rb b/railties/lib/rails/commands/secrets/secrets_command.rb index 05e0c228e8..3ba8c0c85b 100644 --- a/railties/lib/rails/commands/secrets/secrets_command.rb +++ b/railties/lib/rails/commands/secrets/secrets_command.rb @@ -21,10 +21,8 @@ module Rails require_application_and_environment! Rails::Secrets.read_for_editing do |tmp_path| - watch tmp_path do - puts "Waiting for secrets file to be saved. Abort with Ctrl-C." - system("\$EDITOR #{tmp_path}") - end + puts "Waiting for secrets file to be saved. Abort with Ctrl-C." + system("\$EDITOR #{tmp_path}") end puts "New secrets encrypted and saved." @@ -33,18 +31,6 @@ module Rails rescue Rails::Secrets::MissingKeyError => error say error.message end - - private - def watch(tmp_path) - mtime, start_time = File.mtime(tmp_path), Time.now - - yield - - editor_exits_after_open = $?.success? && (Time.now - start_time) < 1 - if editor_exits_after_open - sleep 0.250 until File.mtime(tmp_path) != mtime - end - end end end end -- cgit v1.2.3 From 82f7dc6178f86e5e2dd82f9e528475a6acee6cd8 Mon Sep 17 00:00:00 2001 
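Review bot: With `watch` removed, the block passed to `read_for_editing` in the first hunk discards the result of `system("\$EDITOR #{tmp_path}")`, so an editor that cannot be started or that exits non-zero still falls through to `puts "New secrets encrypted and saved."`. `system` returns false or nil in those cases; checking it inside the block, for example `raise Interrupt unless system("\$EDITOR #{tmp_path}")`, would reuse the "nothing saved" rescue that was added with the file, though a dedicated error rescued beside `Interrupt` would read better. Whether raising out of the block stops `read_for_editing` from re-encrypting the temp file is not visible in this hunk and should be confirmed. The body of `edit` starts above the hunk and its `rescue Interrupt` branch sits between the two hunks.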
From: Kasper Timm Hansen Date: Wed, 1 Mar 2017 20:40:39 +0100 Subject: Tell users how to assign a $EDITOR. In case there's no $EDITOR assigned users would see a cryptic: ``` % EDITOR= bin/rails secrets:edit Waiting for secrets file to be saved. Abort with Ctrl-C. sh: /var/folders/wd/xnncwqp96rj0v1y2nms64mq80000gn/T/secrets.yml.enc: Permission denied New secrets encrypted and saved. ``` That error is misleading, so give a hint in this easily detectable case. Fixes #28143. --- railties/lib/rails/commands/secrets/secrets_command.rb | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'railties/lib/rails/commands/secrets/secrets_command.rb') diff --git a/railties/lib/rails/commands/secrets/secrets_command.rb b/railties/lib/rails/commands/secrets/secrets_command.rb index 3ba8c0c85b..9438eeb9f7 100644 --- a/railties/lib/rails/commands/secrets/secrets_command.rb +++ b/railties/lib/rails/commands/secrets/secrets_command.rb @@ -18,6 +18,17 @@ module Rails end def edit + if ENV["EDITOR"].empty? + say "No $EDITOR to open decrypted secrets in. Assign one like this:" + say "" + say %(EDITOR="mate --wait" bin/rails secrets:edit) + say "" + say "For editors that fork and exit immediately, it's important to pass a wait flag," + say "otherwise the secrets will be saved immediately with no chance to edit." + + return + end + require_application_and_environment! Rails::Secrets.read_for_editing do |tmp_path| -- cgit v1.2.3 From 84bc9a50d35f57135932b3ef6d9984f87d1c2229 Mon Sep 17 00:00:00 2001 From: Kasper Timm Hansen Date: Wed, 1 Mar 2017 20:42:54 +0100 Subject: Put it to me straight: just say it. Prefer Thor's say method to Kernel's plain puts. --- railties/lib/rails/commands/secrets/secrets_command.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'railties/lib/rails/commands/secrets/secrets_command.rb') 
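Review bot: The new guard at the top of `edit` calls `.empty?` directly on `ENV["EDITOR"]`, which is nil when the variable is unset, so the most common no-editor case raises NoMethodError instead of printing the hint. A whitespace-only value also passes the check, and after shell word splitting the temp path would presumably be run as the command, giving the same "Permission denied" output the commit message quotes. `if ENV["EDITOR"].to_s.strip.empty?` covers both cases. The body of `edit` continues below the hunk.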
diff --git a/railties/lib/rails/commands/secrets/secrets_command.rb b/railties/lib/rails/commands/secrets/secrets_command.rb index 9438eeb9f7..65db81ac73 100644 --- a/railties/lib/rails/commands/secrets/secrets_command.rb +++ b/railties/lib/rails/commands/secrets/secrets_command.rb @@ -32,13 +32,13 @@ module Rails require_application_and_environment! Rails::Secrets.read_for_editing do |tmp_path| - puts "Waiting for secrets file to be saved. Abort with Ctrl-C." + say "Waiting for secrets file to be saved. Abort with Ctrl-C." system("\$EDITOR #{tmp_path}") end - puts "New secrets encrypted and saved." + say "New secrets encrypted and saved." rescue Interrupt - puts "Aborted changing encrypted secrets: nothing saved." + say "Aborted changing encrypted secrets: nothing saved." rescue Rails::Secrets::MissingKeyError => error say error.message end -- cgit v1.2.3 From 3279394c45dadb5ae33ce5c2af0018a36009830b Mon Sep 17 00:00:00 2001 From: "yuuji.yaginuma" Date: Thu, 2 Mar 2017 07:54:53 +0900 Subject: Convert `ENV["EDITOR"]` to string before check In order to avoid `NoMethodError` when it is nil. Follow up to 82f7dc6178f86e5e2dd82f9e528475a6acee6cd8 --- railties/lib/rails/commands/secrets/secrets_command.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'railties/lib/rails/commands/secrets/secrets_command.rb') diff --git a/railties/lib/rails/commands/secrets/secrets_command.rb b/railties/lib/rails/commands/secrets/secrets_command.rb index 65db81ac73..b9ae5d8b3b 100644 --- a/railties/lib/rails/commands/secrets/secrets_command.rb +++ b/railties/lib/rails/commands/secrets/secrets_command.rb @@ -18,7 +18,7 @@ module Rails end def edit - if ENV["EDITOR"].empty? + if ENV["EDITOR"].to_s.empty? say "No $EDITOR to open decrypted secrets in. Assign one like this:" say "" say %(EDITOR="mate --wait" bin/rails secrets:edit) -- cgit v1.2.3 From 54ee15a203d7463534c2188141c6fb0090c9dc44 Mon Sep 17 00:00:00 2001 
From: "yuuji.yaginuma" Date: Sun, 26 Feb 2017 21:05:13 +0900 Subject: Show correct commands in help Currently rails' help shows only namespace. However, the secrets command needs to specify command. Therefore, I fixed the command to display in help. --- railties/lib/rails/commands/secrets/secrets_command.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'railties/lib/rails/commands/secrets/secrets_command.rb') diff --git a/railties/lib/rails/commands/secrets/secrets_command.rb b/railties/lib/rails/commands/secrets/secrets_command.rb index 3ba8c0c85b..c6d9ec0008 100644 --- a/railties/lib/rails/commands/secrets/secrets_command.rb +++ b/railties/lib/rails/commands/secrets/secrets_command.rb @@ -4,10 +4,12 @@ require "rails/secrets" module Rails module Command class SecretsCommand < Rails::Command::Base # :nodoc: - def help - say "Usage:\n #{self.class.banner}" - say "" - say self.class.desc + no_commands do + def help + say "Usage:\n #{self.class.banner}" + say "" + say self.class.desc + end end def setup -- cgit v1.2.3