From f50471751942730e3311f8c04ae4d97365ab3243 Mon Sep 17 00:00:00 2001
From: Kasper Timm Hansen <kaspth@gmail.com>
Date: Tue, 23 May 2017 21:48:05 +0200
Subject: Remove needless waiting message.

Needed back when we attempted to wait for editors, but now we expect
users to pass a -w flag to their $EDITOR.
---
 railties/lib/rails/commands/secrets/secrets_command.rb | 1 -
 1 file changed, 1 deletion(-)

(limited to 'railties/lib')

diff --git a/railties/lib/rails/commands/secrets/secrets_command.rb b/railties/lib/rails/commands/secrets/secrets_command.rb
index 03a640bd65..76e13a6e49 100644
--- a/railties/lib/rails/commands/secrets/secrets_command.rb
+++ b/railties/lib/rails/commands/secrets/secrets_command.rb
@@ -34,7 +34,6 @@ module Rails
         require_application_and_environment!
 
         Rails::Secrets.read_for_editing do |tmp_path|
-          say "Waiting for secrets file to be saved. Abort with Ctrl-C."
           system("\$EDITOR #{tmp_path}")
         end
 
-- 
cgit v1.2.3


From 0338c81dc2ab6ef35fe68461e39c0bad0af5bb95 Mon Sep 17 00:00:00 2001
From: Kasper Timm Hansen <kaspth@gmail.com>
Date: Tue, 23 May 2017 21:54:01 +0200
Subject: Reorder first secrets edit flow.

Setup config/secrets.yml.enc with template contents for people to edit.

Then generate encryption key and encrypt the initial secrets.
---
 .../lib/rails/commands/secrets/secrets_command.rb  | 20 ++++++++++---
 .../encrypted_secrets_generator.rb                 | 30 ++++++++++---------
 .../templates/config/secrets.yml.enc               |  3 --
 railties/lib/rails/secrets.rb                      | 34 +++++++++++++++++-----
 4 files changed, 59 insertions(+), 28 deletions(-)
 delete mode 100644 railties/lib/rails/generators/rails/encrypted_secrets/templates/config/secrets.yml.enc

(limited to 'railties/lib')

diff --git a/railties/lib/rails/commands/secrets/secrets_command.rb b/railties/lib/rails/commands/secrets/secrets_command.rb
index 76e13a6e49..651411d444 100644
--- a/railties/lib/rails/commands/secrets/secrets_command.rb
+++ b/railties/lib/rails/commands/secrets/secrets_command.rb
@@ -13,10 +13,7 @@ module Rails
       end
 
       def setup
-        require "rails/generators"
-        require "rails/generators/rails/encrypted_secrets/encrypted_secrets_generator"
-
-        Rails::Generators::EncryptedSecretsGenerator.start
+        generator.start
       end
 
       def edit
@@ -42,7 +39,22 @@ module Rails
         say "Aborted changing encrypted secrets: nothing saved."
       rescue Rails::Secrets::MissingKeyError => error
         say error.message
+      rescue Errno::ENOENT => error
+        raise unless error.message =~ /secrets\.yml\.enc/
+
+        Rails::Secrets.read_template_for_editing do |tmp_path|
+          system("\$EDITOR #{tmp_path}")
+          generator.skip_secrets_file { setup }
+        end
       end
+
+      private
+        def generator
+          require "rails/generators"
+          require "rails/generators/rails/encrypted_secrets/encrypted_secrets_generator"
+
+          Rails::Generators::EncryptedSecretsGenerator
+        end
     end
   end
 end
diff --git a/railties/lib/rails/generators/rails/encrypted_secrets/encrypted_secrets_generator.rb b/railties/lib/rails/generators/rails/encrypted_secrets/encrypted_secrets_generator.rb
index 8b29213610..1da2fbc1a5 100644
--- a/railties/lib/rails/generators/rails/encrypted_secrets/encrypted_secrets_generator.rb
+++ b/railties/lib/rails/generators/rails/encrypted_secrets/encrypted_secrets_generator.rb
@@ -36,25 +36,29 @@ module Rails
       end
 
       def add_encrypted_secrets_file
-        unless File.exist?("config/secrets.yml.enc")
+        unless (defined?(@@skip_secrets_file) && @@skip_secrets_file) || File.exist?("config/secrets.yml.enc")
           say "Adding config/secrets.yml.enc to store secrets that needs to be encrypted."
           say ""
+          say "For now the file contains this but it's been encrypted with the generated key:"
+          say ""
+          say Secrets.template, :on_green
+          say ""
 
-          template "config/secrets.yml.enc" do |prefill|
-            say ""
-            say "For now the file contains this but it's been encrypted with the generated key:"
-            say ""
-            say prefill, :on_green
-            say ""
-
-            Secrets.encrypt(prefill)
-          end
+          Secrets.write(Secrets.template)
 
           say "You can edit encrypted secrets with `bin/rails secrets:edit`."
-
-          say "Add this to your config/environments/production.rb:"
-          say "config.read_encrypted_secrets = true"
+          say ""
         end
+
+        say "Add this to your config/environments/production.rb:"
+        say "config.read_encrypted_secrets = true"
+      end
+
+      def self.skip_secrets_file
+        @@skip_secrets_file = true
+        yield
+      ensure
+        @@skip_secrets_file = false
       end
 
       private
diff --git a/railties/lib/rails/generators/rails/encrypted_secrets/templates/config/secrets.yml.enc b/railties/lib/rails/generators/rails/encrypted_secrets/templates/config/secrets.yml.enc
deleted file mode 100644
index 70426a66a5..0000000000
--- a/railties/lib/rails/generators/rails/encrypted_secrets/templates/config/secrets.yml.enc
+++ /dev/null
@@ -1,3 +0,0 @@
-# See `secrets.yml` for tips on generating suitable keys.
-# production:
-#  external_api_key: 1466aac22e6a869134be3d09b9e89232fc2c2289…
diff --git a/railties/lib/rails/secrets.rb b/railties/lib/rails/secrets.rb
index 8b644f212c..20c20cb9f1 100644
--- a/railties/lib/rails/secrets.rb
+++ b/railties/lib/rails/secrets.rb
@@ -1,5 +1,6 @@
 require "yaml"
 require "active_support/message_encryptor"
+require "active_support/core_ext/string/strip"
 
 module Rails
   # Greatly inspired by Ara T. Howard's magnificent sekrets gem. 😘
@@ -37,6 +38,15 @@ module Rails
         ENV["RAILS_MASTER_KEY"] || read_key_file || handle_missing_key
       end
 
+      def template
+        <<-end_of_template.strip_heredoc
+          # See `secrets.yml` for tips on generating suitable keys.
+          # production:
+          #  external_api_key: 1466aac22e6a869134be3d09b9e89232fc2c2289…
+
+        end_of_template
+      end
+
       def encrypt(data)
         encryptor.encrypt_and_sign(data)
       end
@@ -54,15 +64,12 @@ module Rails
         FileUtils.mv("#{path}.tmp", path)
       end
 
-      def read_for_editing
-        tmp_path = File.join(Dir.tmpdir, File.basename(path))
-        IO.binwrite(tmp_path, read)
-
-        yield tmp_path
+      def read_for_editing(&block)
+        writing(read, &block)
+      end
 
-        write(IO.binread(tmp_path))
-      ensure
-        FileUtils.rm(tmp_path) if File.exist?(tmp_path)
+      def read_template_for_editing(&block)
+        writing(template, &block)
       end
 
       private
@@ -92,6 +99,17 @@ module Rails
           end
         end
 
+        def writing(contents)
+          tmp_path = File.join(Dir.tmpdir, File.basename(path))
+          File.write(tmp_path, contents)
+
+          yield tmp_path
+
+          write(File.read(tmp_path))
+        ensure
+          FileUtils.rm(tmp_path) if File.exist?(tmp_path)
+        end
+
         def encryptor
           @encryptor ||= ActiveSupport::MessageEncryptor.new([ key ].pack("H*"), cipher: @cipher)
         end
-- 
cgit v1.2.3