From 54ee15a203d7463534c2188141c6fb0090c9dc44 Mon Sep 17 00:00:00 2001 From: "yuuji.yaginuma" Date: Sun, 26 Feb 2017 21:05:13 +0900 Subject: Show correct commands in help Currently rails' help shows only namespace. However, the secrets command needs to specify command. Therefore, I fixed the command to display in help. --- railties/lib/rails/commands/secrets/secrets_command.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'railties/lib/rails/commands/secrets') diff --git a/railties/lib/rails/commands/secrets/secrets_command.rb b/railties/lib/rails/commands/secrets/secrets_command.rb index 3ba8c0c85b..c6d9ec0008 100644 --- a/railties/lib/rails/commands/secrets/secrets_command.rb +++ b/railties/lib/rails/commands/secrets/secrets_command.rb @@ -4,10 +4,12 @@ require "rails/secrets" module Rails module Command class SecretsCommand < Rails::Command::Base # :nodoc: - def help - say "Usage:\n #{self.class.banner}" - say "" - say self.class.desc + no_commands do + def help + say "Usage:\n #{self.class.banner}" + say "" + say self.class.desc + end end def setup -- cgit v1.2.3 From b16dcc872bb3c094cf1f1d890bdd302593acbbe8 Mon Sep 17 00:00:00 2001 From: Kasper Timm Hansen Date: Thu, 9 Mar 2017 20:19:58 +0100 Subject: [ci skip] Document read_encrypted_secrets config. Mostly just that it's there. Closes #28193. --- railties/lib/rails/commands/secrets/USAGE | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'railties/lib/rails/commands/secrets') diff --git a/railties/lib/rails/commands/secrets/USAGE b/railties/lib/rails/commands/secrets/USAGE index 4b7deb4e2a..96e322fe91 100644 --- a/railties/lib/rails/commands/secrets/USAGE +++ b/railties/lib/rails/commands/secrets/USAGE @@ -40,6 +40,14 @@ be encrypted. A `shared:` top level key is also supported such that any keys there is merged into the other environments. +Additionally, Rails won't read encrypted secrets out of the box even if you have +the key. Add this: + + config.read_encrypted_secrets = true + +to the environment you'd like to read encrypted secrets. `bin/rails secrets:setup` +inserts this into the production environment by default. + === Editing Secrets After `bin/rails secrets:setup`, run `bin/rails secrets:edit`. -- cgit v1.2.3 From f50471751942730e3311f8c04ae4d97365ab3243 Mon Sep 17 00:00:00 2001 From: Kasper Timm Hansen Date: Tue, 23 May 2017 21:48:05 +0200 Subject: Remove needless waiting message. Needed back when we attempted to wait for editors, but now we expect users to pass a -w flag to their $EDITOR. --- railties/lib/rails/commands/secrets/secrets_command.rb | 1 - 1 file changed, 1 deletion(-) (limited to 'railties/lib/rails/commands/secrets') diff --git a/railties/lib/rails/commands/secrets/secrets_command.rb b/railties/lib/rails/commands/secrets/secrets_command.rb index 03a640bd65..76e13a6e49 100644 --- a/railties/lib/rails/commands/secrets/secrets_command.rb +++ b/railties/lib/rails/commands/secrets/secrets_command.rb @@ -34,7 +34,6 @@ module Rails require_application_and_environment! Rails::Secrets.read_for_editing do |tmp_path| - say "Waiting for secrets file to be saved. Abort with Ctrl-C." system("\$EDITOR #{tmp_path}") end -- cgit v1.2.3 From 0338c81dc2ab6ef35fe68461e39c0bad0af5bb95 Mon Sep 17 00:00:00 2001 From: Kasper Timm Hansen Date: Tue, 23 May 2017 21:54:01 +0200 Subject: Reorder first secrets edit flow. Setup config/secrets.yml.enc with template contents for people to edit. Then generate encryption key and encrypt the initial secrets. --- .../lib/rails/commands/secrets/secrets_command.rb | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'railties/lib/rails/commands/secrets') diff --git a/railties/lib/rails/commands/secrets/secrets_command.rb b/railties/lib/rails/commands/secrets/secrets_command.rb index 76e13a6e49..651411d444 100644 --- a/railties/lib/rails/commands/secrets/secrets_command.rb +++ b/railties/lib/rails/commands/secrets/secrets_command.rb @@ -13,10 +13,7 @@ module Rails end def setup - require "rails/generators" - require "rails/generators/rails/encrypted_secrets/encrypted_secrets_generator" - - Rails::Generators::EncryptedSecretsGenerator.start + generator.start end def edit @@ -42,7 +39,22 @@ module Rails say "Aborted changing encrypted secrets: nothing saved." rescue Rails::Secrets::MissingKeyError => error say error.message + rescue Errno::ENOENT => error + raise unless error.message =~ /secrets\.yml\.enc/ + + Rails::Secrets.read_template_for_editing do |tmp_path| + system("\$EDITOR #{tmp_path}") + generator.skip_secrets_file { setup } + end end + + private + def generator + require "rails/generators" + require "rails/generators/rails/encrypted_secrets/encrypted_secrets_generator" + + Rails::Generators::EncryptedSecretsGenerator + end end end end -- cgit v1.2.3 From f81f840c02cff34c169e6fca348fab9a372c8372 Mon Sep 17 00:00:00 2001 From: Kasper Timm Hansen Date: Sun, 11 Jun 2017 12:22:39 +0200 Subject: Access EDITOR through Ruby's cross-platform ENV. Fix the mistake of not using Ruby's ENV hash from the get go and get windows support. --- railties/lib/rails/commands/secrets/secrets_command.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'railties/lib/rails/commands/secrets') diff --git a/railties/lib/rails/commands/secrets/secrets_command.rb b/railties/lib/rails/commands/secrets/secrets_command.rb index 651411d444..5f077a5bcb 100644 --- a/railties/lib/rails/commands/secrets/secrets_command.rb +++ b/railties/lib/rails/commands/secrets/secrets_command.rb @@ -31,7 +31,7 @@ module Rails require_application_and_environment! Rails::Secrets.read_for_editing do |tmp_path| - system("\$EDITOR #{tmp_path}") + system("#{ENV["EDITOR"]} #{tmp_path}") end say "New secrets encrypted and saved." @@ -43,7 +43,7 @@ module Rails raise unless error.message =~ /secrets\.yml\.enc/ Rails::Secrets.read_template_for_editing do |tmp_path| - system("\$EDITOR #{tmp_path}") + system("#{ENV["EDITOR"]} #{tmp_path}") generator.skip_secrets_file { setup } end end -- cgit v1.2.3 From 618268b4b9382f4bcf004a945fe2d85c0bd03e32 Mon Sep 17 00:00:00 2001 From: Akira Matsuda Date: Fri, 30 Jun 2017 13:55:31 +0900 Subject: [Railties] require => require_relative --- railties/lib/rails/commands/secrets/secrets_command.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'railties/lib/rails/commands/secrets') diff --git a/railties/lib/rails/commands/secrets/secrets_command.rb b/railties/lib/rails/commands/secrets/secrets_command.rb index 5f077a5bcb..9e530f5e23 100644 --- a/railties/lib/rails/commands/secrets/secrets_command.rb +++ b/railties/lib/rails/commands/secrets/secrets_command.rb @@ -1,5 +1,5 @@ require "active_support" -require "rails/secrets" +require_relative "../../secrets" module Rails module Command @@ -50,8 +50,8 @@ module Rails private def generator - require "rails/generators" - require "rails/generators/rails/encrypted_secrets/encrypted_secrets_generator" + require_relative "../../generators" + require_relative "../../generators/rails/encrypted_secrets/encrypted_secrets_generator" Rails::Generators::EncryptedSecretsGenerator end -- cgit v1.2.3 From af5368eeff693bcb8e64b96df93691ded8908f1c Mon Sep 17 00:00:00 2001 From: "yuuji.yaginuma" Date: Thu, 6 Jul 2017 21:40:33 +0900 Subject: Add `rails secrets:show` command When secrets confirmed with the `secrets:edit` command, `secrets.yml.enc` will change without updating the secrets. Therefore, even if only want to check secrets, the difference will come out. This is a little inconvenient. In order to solve this problem, added the `secrets:show` command. If just want to check secrets, no difference will occur use this command. --- railties/lib/rails/commands/secrets/secrets_command.rb | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'railties/lib/rails/commands/secrets') diff --git a/railties/lib/rails/commands/secrets/secrets_command.rb b/railties/lib/rails/commands/secrets/secrets_command.rb index 9e530f5e23..45e02fa730 100644 --- a/railties/lib/rails/commands/secrets/secrets_command.rb +++ b/railties/lib/rails/commands/secrets/secrets_command.rb @@ -48,6 +48,10 @@ module Rails end end + def show + say Rails::Secrets.read + end + private def generator require_relative "../../generators" -- cgit v1.2.3