From f55306f098f9a937ef2b0fbbb0e002960f7bcf89 Mon Sep 17 00:00:00 2001 From: Kasper Timm Hansen Date: Mon, 11 Mar 2019 20:57:40 +0100 Subject: [ci skip] Improve `encrypted` commands USAGE This streamlines the lovely foundation Bogdan added. Mainly to add guidance around encryption keys and remove some backticks. Finally it adds some mention of how to access these files from Ruby in apps. [ Kasper Timm Hansen & bogdanvlviv ] --- railties/lib/rails/commands/encrypted/USAGE | 32 +++++++++++++++++------------ 1 file changed, 19 insertions(+), 13 deletions(-) (limited to 'railties/lib/rails/commands') diff --git a/railties/lib/rails/commands/encrypted/USAGE b/railties/lib/rails/commands/encrypted/USAGE index 667af85cd8..7ec3ebb5d7 100644 --- a/railties/lib/rails/commands/encrypted/USAGE +++ b/railties/lib/rails/commands/encrypted/USAGE @@ -1,22 +1,28 @@ === Storing Encrypted Files in Source Control -The Rails `encrypted` commands provide access to encrypted files. +The Rails `encrypted` commands provide access to encrypted files or configurations. +See the `Rails.application.encrypted` documentation for using them in your app. + +=== Encryption Keys + +By default, Rails looks for the encryption key in `config/master.key` or +`ENV["RAILS_MASTER_KEY"]`, but that lookup can be overriden with `--key`: + + rails encrypted:edit config/encrypted_file.yml.enc --key config/encrypted_file.key + +Don't commit the key! Add it to your source control's ignore file. If you use +Git, Rails handles this for you. === Editing Files -`rails encrypted:edit config/encrypted_file.yml.enc` opens a temporary file -in `$EDITOR` with the decrypted contents of `config/encrypted_file.yml.enc` to -edit. The encrypted key is either stored in `config/master.key` -or `ENV["RAILS_MASTER_KEY"]` is used, but you can provide relative path -to the encryption key by using `--key` option: +To edit or create an encrypted file use: + + rails encrypted:edit config/encrypted_file.yml.enc -`rails encrypted:edit config/encrypted_file.yml.enc --key config/encrypted_file.key`. +This opens a temporary file in `$EDITOR` with the decrypted contents for editing. -=== Viewing files +=== Viewing Files -`rails encrypted:show config/encrypted_file.yml.enc` prints the decrypted contents of -`config/encrypted_file.yml.enc` file. The encrypted key is either stored in `config/master.key` -or `ENV["RAILS_MASTER_KEY"]` is used, but you can provide relative path -to the encryption key by using `--key` option: +To print the decrypted contents of an encrypted file use: -`rails encrypted:show config/encrypted_file.yml.enc --key config/encrypted_file.key`. + rails encrypted:show config/encrypted_file.yml.enc -- cgit v1.2.3