Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
张重言
rails
提交
0203c376
R
rails
项目概览
张重言
/
rails
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
R
rails
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
0203c376
编写于
3月 02, 2017
作者:
K
Kasper Timm Hansen
提交者:
GitHub
3月 02, 2017
浏览文件
操作
浏览文件
下载
差异文件
Merge pull request #28139 from stouset/update-secrets-to-use-modern-crypto
Update secrets to use modern crypto
上级
f294e649
6aa6f9ae
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
16 addition
and
17 deletion
+16
-17
railties/lib/rails/secrets.rb
railties/lib/rails/secrets.rb
+13
-15
railties/test/secrets_test.rb
railties/test/secrets_test.rb
+3
-2
未找到文件。
railties/lib/rails/secrets.rb
浏览文件 @
0203c376
require
"
yaml
"
require
"
active_support/message_encryptor
"
module
Rails
# Greatly inspired by Ara T. Howard's magnificent sekrets gem. 😘
...
...
@@ -12,6 +12,8 @@ def initialize
end
end
CIPHER
=
"aes-128-gcm"
@read_encrypted_secrets
=
false
@root
=
File
# Wonky, but ensures `join` uses the current directory.
...
...
@@ -30,20 +32,22 @@ def parse(paths, env:)
end
def
generate_key
cipher
=
new_cipher
SecureRandom
.
hex
(
cipher
.
key_len
)[
0
,
cipher
.
key_len
]
SecureRandom
.
hex
(
OpenSSL
::
Cipher
.
new
(
CIPHER
).
key_len
)
end
def
key
ENV
[
"RAILS_MASTER_KEY"
]
||
read_key_file
||
handle_missing_key
[(
ENV
[
"RAILS_MASTER_KEY"
]
||
read_key_file
||
handle_missing_key
)]
.
pack
(
"H*"
)
end
def
encrypt
(
text
)
cipher
(
:encrypt
,
text
)
def
encrypt
(
data
)
encryptor
.
encrypt_and_sign
(
data
)
end
def
decrypt
(
data
)
cipher
(
:decrypt
,
data
)
encryptor
.
decrypt_and_verify
(
data
)
end
def
read
...
...
@@ -97,14 +101,8 @@ def preprocess(path)
end
end
def
new_cipher
OpenSSL
::
Cipher
.
new
(
"aes-256-cbc"
)
end
def
cipher
(
mode
,
data
)
cipher
=
new_cipher
.
public_send
(
mode
)
cipher
.
key
=
key
cipher
.
update
(
data
)
<<
cipher
.
final
def
encryptor
@encryptor
||=
ActiveSupport
::
MessageEncryptor
.
new
(
key
,
cipher:
CIPHER
)
end
end
end
...
...
railties/test/secrets_test.rb
浏览文件 @
0203c376
...
...
@@ -54,9 +54,10 @@ def teardown
test
"reading from key file"
do
run_secrets_generator
do
File
.
binwrite
(
"config/secrets.yml.key"
,
"How do I know you feel it?"
)
key
=
"00112233445566778899aabbccddeeff"
File
.
binwrite
(
"config/secrets.yml.key"
,
key
)
assert_equal
"How do I know you feel it?"
,
Rails
::
Secrets
.
key
assert_equal
[
key
].
pack
(
"H*"
)
,
Rails
::
Secrets
.
key
end
end
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录