Manage encrypted credentials (added in Rails 5.2.0) with multiple environments.
Available as a gem creds
Using Rails command, generate new encrypted file by
bin/rails encrypted:edit config/credentials/production.yml.enc --key config/credentials/production.key
add some content in opened editor (note there is no environment root key, ie no production):
aws_access_key_id: my-access-key-idIf config/credentials/production.key doesn't exist yet, run bin/rails generate master_key and adjust naming to match desired one.
Content of file can be displayed by
bin/rails encrypted:show config/credentials/production.yml.enc --key config/credentials/production.key
Add to config/environments/production.rb (or any other env)
config.creds = Creds.new("config/credentials/production.yml.enc")If wants to use key from custom path - by default it checks RAILS_MASTER_KEY env key and config/master.key file:
config.creds = Creds.new("config/credentials/production.yml.enc", key_path: "config/credentials/production.key")In the code:
Rails.configuration.creds.aws_access_key_idTo ease working in development/test environments with the same API, add config/credentials/plain.yml with key/value pairs
nested under environment name, like:
development:
aws_access_key_id: "aws-key-id"Then add to config/environments/development.rb
config.creds = Creds.new("config/credentials/plain.yml", env: "development")In Rails 6.0 it is possible to edit files by rails credentials:edit --environment production which will look for
config/credentials/production.yml.enc encrypted by ENV["RAILS_MASTER_KEY"] or config/credentials/production.key
- To raise error in case of missing key you can add bang to the name, like
Rails.configuration.creds.database_url! - To list all defined key/value pairs call
config, likeRails.configuration.creds.config - Plain text file can embed Ruby (
<%= %>), but not encrypted one - If
secret_key_baseis specified in credentials file, it will be assigned toRails.configuration.secret_key_base, as it is required by Rails
After checking out the repo, run bin/setup to install dependencies. Then, run rake test to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.
Bug reports and pull requests are welcome on GitHub at https://github.com/freeletics/creds
The gem is available as open source under the terms of the MIT License.