Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
张重言
rails
提交
039380e3
R
rails
项目概览
张重言
/
rails
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
R
rails
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
039380e3
编写于
2月 23, 2017
作者:
D
David Heinemeier Hansson
提交者:
GitHub
2月 23, 2017
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Revert "Add encrypted secrets" (#28127)
上级
11660945
变更
17
隐藏空白更改
内联
并排
Showing
17 changed file
with
27 addition
and
482 deletion
+27
-482
railties/lib/rails/application.rb
railties/lib/rails/application.rb
+12
-2
railties/lib/rails/application/bootstrap.rb
railties/lib/rails/application/bootstrap.rb
+0
-6
railties/lib/rails/application/configuration.rb
railties/lib/rails/application/configuration.rb
+2
-4
railties/lib/rails/command.rb
railties/lib/rails/command.rb
+9
-18
railties/lib/rails/command/base.rb
railties/lib/rails/command/base.rb
+2
-8
railties/lib/rails/commands/secrets/USAGE
railties/lib/rails/commands/secrets/USAGE
+0
-52
railties/lib/rails/commands/secrets/secrets_command.rb
railties/lib/rails/commands/secrets/secrets_command.rb
+0
-50
railties/lib/rails/generators.rb
railties/lib/rails/generators.rb
+0
-1
railties/lib/rails/generators/rails/app/templates/config/environments/production.rb.tt
.../rails/app/templates/config/environments/production.rb.tt
+0
-5
railties/lib/rails/generators/rails/app/templates/config/secrets.yml
...b/rails/generators/rails/app/templates/config/secrets.yml
+2
-4
railties/lib/rails/generators/rails/encrypted_secrets/encrypted_secrets_generator.rb
...rs/rails/encrypted_secrets/encrypted_secrets_generator.rb
+0
-66
railties/lib/rails/generators/rails/encrypted_secrets/templates/config/secrets.yml.enc
.../rails/encrypted_secrets/templates/config/secrets.yml.enc
+0
-3
railties/lib/rails/secrets.rb
railties/lib/rails/secrets.rb
+0
-111
railties/test/generators/app_generator_test.rb
railties/test/generators/app_generator_test.rb
+0
-1
railties/test/generators/encrypted_secrets_generator_test.rb
railties/test/generators/encrypted_secrets_generator_test.rb
+0
-42
railties/test/isolation/abstract_unit.rb
railties/test/isolation/abstract_unit.rb
+0
-1
railties/test/secrets_test.rb
railties/test/secrets_test.rb
+0
-108
未找到文件。
railties/lib/rails/application.rb
浏览文件 @
039380e3
...
...
@@ -4,7 +4,6 @@
require
"active_support/key_generator"
require
"active_support/message_verifier"
require
"rails/engine"
require
"rails/secrets"
module
Rails
# An Engine with the responsibility of coordinating the whole boot process.
...
...
@@ -386,7 +385,18 @@ def config=(configuration) #:nodoc:
def
secrets
@secrets
||=
begin
secrets
=
ActiveSupport
::
OrderedOptions
.
new
secrets
.
merge!
Rails
::
Secrets
.
parse
(
config
.
paths
[
"config/secrets"
].
existent
,
env:
Rails
.
env
)
yaml
=
config
.
paths
[
"config/secrets"
].
first
if
File
.
exist?
(
yaml
)
require
"erb"
all_secrets
=
YAML
.
load
(
ERB
.
new
(
IO
.
read
(
yaml
)).
result
)
||
{}
shared_secrets
=
all_secrets
[
"shared"
]
env_secrets
=
all_secrets
[
Rails
.
env
]
secrets
.
merge!
(
shared_secrets
.
deep_symbolize_keys
)
if
shared_secrets
secrets
.
merge!
(
env_secrets
.
deep_symbolize_keys
)
if
env_secrets
end
# Fallback to config.secret_key_base if secrets.secret_key_base isn't set
secrets
.
secret_key_base
||=
config
.
secret_key_base
...
...
railties/lib/rails/application/bootstrap.rb
浏览文件 @
039380e3
...
...
@@ -2,7 +2,6 @@
require
"active_support/notifications"
require
"active_support/dependencies"
require
"active_support/descendants_tracker"
require
"rails/secrets"
module
Rails
class
Application
...
...
@@ -78,11 +77,6 @@ module Bootstrap
initializer
:bootstrap_hook
,
group: :all
do
|
app
|
ActiveSupport
.
run_load_hooks
(
:before_initialize
,
app
)
end
initializer
:set_secrets_root
,
group: :all
do
Rails
::
Secrets
.
root
=
root
Rails
::
Secrets
.
read_encrypted_secrets
=
config
.
read_encrypted_secrets
end
end
end
end
railties/lib/rails/application/configuration.rb
浏览文件 @
039380e3
...
...
@@ -13,8 +13,7 @@ class Configuration < ::Rails::Engine::Configuration
:railties_order
,
:relative_url_root
,
:secret_key_base
,
:secret_token
,
:ssl_options
,
:public_file_server
,
:session_options
,
:time_zone
,
:reload_classes_only_on_change
,
:beginning_of_week
,
:filter_redirect
,
:x
,
:enable_dependency_loading
,
:read_encrypted_secrets
:beginning_of_week
,
:filter_redirect
,
:x
,
:enable_dependency_loading
attr_writer
:log_level
attr_reader
:encoding
,
:api_only
...
...
@@ -52,7 +51,6 @@ def initialize(*)
@debug_exception_response_format
=
nil
@x
=
Custom
.
new
@enable_dependency_loading
=
false
@read_encrypted_secrets
=
false
end
def
encoding
=
(
value
)
...
...
@@ -82,7 +80,7 @@ def paths
@paths
||=
begin
paths
=
super
paths
.
add
"config/database"
,
with:
"config/database.yml"
paths
.
add
"config/secrets"
,
with:
"config
"
,
glob:
"secrets.yml{,.enc}
"
paths
.
add
"config/secrets"
,
with:
"config
/secrets.yml
"
paths
.
add
"config/environment"
,
with:
"config/environment.rb"
paths
.
add
"lib/templates"
paths
.
add
"log"
,
with:
"log/
#{
Rails
.
env
}
.log"
...
...
railties/lib/rails/command.rb
浏览文件 @
039380e3
...
...
@@ -27,22 +27,15 @@ def environment # :nodoc:
end
# Receives a namespace, arguments and the behavior to invoke the command.
def
invoke
(
full_namespace
,
args
=
[],
**
config
)
namespace
=
full_namespace
=
full_namespace
.
to_s
def
invoke
(
namespace
,
args
=
[],
**
config
)
namespace
=
namespace
.
to_s
namespace
=
"help"
if
namespace
.
blank?
||
HELP_MAPPINGS
.
include?
(
namespace
)
namespace
=
"version"
if
%w( -v --version )
.
include?
namespace
if
c
har
=
namespace
=~
/:(\w+)$/
command
_name
,
namespace
=
$1
,
namespace
.
slice
(
0
,
char
)
if
c
ommand
=
find_by_namespace
(
namespace
)
command
.
perform
(
namespace
,
args
,
config
)
else
command_name
=
namespace
end
command_name
=
"help"
if
command_name
.
blank?
||
HELP_MAPPINGS
.
include?
(
command_name
)
namespace
=
"version"
if
%w( -v --version )
.
include?
(
command_name
)
if
command
=
find_by_namespace
(
namespace
,
command_name
)
command
.
perform
(
command_name
,
args
,
config
)
else
find_by_namespace
(
"rake"
).
perform
(
full_namespace
,
args
,
config
)
find_by_namespace
(
"rake"
).
perform
(
namespace
,
args
,
config
)
end
end
...
...
@@ -59,10 +52,8 @@ def invoke(full_namespace, args = [], **config)
#
# Notice that "rails:commands:webrat" could be loaded as well, what
# Rails looks for is the first and last parts of the namespace.
def
find_by_namespace
(
namespace
,
command_name
=
nil
)
# :nodoc:
lookups
=
[
namespace
]
lookups
<<
"
#{
namespace
}
:
#{
command_name
}
"
if
command_name
lookups
.
concat
lookups
.
map
{
|
lookup
|
"rails:
#{
lookup
}
"
}
def
find_by_namespace
(
name
)
# :nodoc:
lookups
=
[
name
,
"rails:
#{
name
}
"
]
lookup
(
lookups
)
...
...
railties/lib/rails/command/base.rb
浏览文件 @
039380e3
...
...
@@ -56,9 +56,7 @@ def inherited(base) #:nodoc:
end
def
perform
(
command
,
args
,
config
)
# :nodoc:
if
Rails
::
Command
::
HELP_MAPPINGS
.
include?
(
args
.
first
)
command
,
args
=
"help"
,
[]
end
command
=
nil
if
Rails
::
Command
::
HELP_MAPPINGS
.
include?
(
args
.
first
)
dispatch
(
command
,
args
.
dup
,
nil
,
config
)
end
...
...
@@ -113,7 +111,7 @@ def usage_path
# For a `Rails::Command::TestCommand` placed in `rails/command/test_command.rb`
# would return `rails/test`.
def
default_command_root
path
=
File
.
expand_path
(
File
.
join
(
"../commands"
,
command_
root_namespac
e
),
__dir__
)
path
=
File
.
expand_path
(
File
.
join
(
"../commands"
,
command_
nam
e
),
__dir__
)
path
if
File
.
exist?
(
path
)
end
...
...
@@ -131,10 +129,6 @@ def create_command(meth)
super
end
end
def
command_root_namespace
(
namespace
.
split
(
":"
)
-
%w( rails )
).
first
end
end
def
help
...
...
railties/lib/rails/commands/secrets/USAGE
已删除
100644 → 0
浏览文件 @
11660945
=== Storing Encrypted Secrets in Source Control
The Rails `secrets` commands helps encrypting secrets to slim a production
environment's `ENV` hash. It's also useful for atomic deploys: no need to
coordinate key changes to get everything working as the keys are shipped
with the code.
=== Setup
Run `bin/rails secrets:setup` to opt in and generate the `config/secrets.yml.key`
and `config/secrets.yml.enc` files.
The latter contains all the keys to be encrypted while the former holds the
encryption key.
Don't lose the key! Put it in a password manager your team can access.
Should you lose it no one, including you, will be able to access any encrypted
secrets.
Don't commit the key! Add `config/secrets.yml.key` to your source control's
ignore file. If you use Git, Rails handles this for you.
Rails also looks for the key in `ENV["RAILS_MASTER_KEY"]` if that's easier to
manage.
You could prepend that to your server's start command like this:
RAILS_MASTER_KEY="im-the-master-now-hahaha" server.start
The `config/secrets.yml.enc` has much the same format as `config/secrets.yml`:
production:
secret_key_base: so-secret-very-hidden-wow
payment_processing_gateway_key: much-safe-very-gaedwey-wow
But that's where the similarities between `secrets.yml` and `secrets.yml.enc`
end, e.g. no keys from `secrets.yml` will be moved to `secrets.yml.enc` and
be encrypted.
A `shared:` top level key is also supported such that any keys there is merged
into the other environments.
=== Editing Secrets
After `bin/rails secrets:setup`, run `bin/rails secrets:edit`.
That command opens a temporary file in `$EDITOR` with the decrypted contents of
`config/secrets.yml.enc` to edit the encrypted secrets.
When the temporary file is next saved the contents are encrypted and written to
`config/secrets.yml.enc` while the file itself is destroyed to prevent secrets
from leaking.
railties/lib/rails/commands/secrets/secrets_command.rb
已删除
100644 → 0
浏览文件 @
11660945
require
"active_support"
require
"rails/secrets"
module
Rails
module
Command
class
SecretsCommand
<
Rails
::
Command
::
Base
# :nodoc:
def
help
say
"Usage:
\n
#{
self
.
class
.
banner
}
"
say
""
say
self
.
class
.
desc
end
def
setup
require
"rails/generators"
require
"rails/generators/rails/encrypted_secrets/encrypted_secrets_generator"
Rails
::
Generators
::
EncryptedSecretsGenerator
.
start
end
def
edit
require_application_and_environment!
Rails
::
Secrets
.
read_for_editing
do
|
tmp_path
|
watch
tmp_path
do
puts
"Waiting for secrets file to be saved. Abort with Ctrl-C."
system
(
"
\$
EDITOR
#{
tmp_path
}
"
)
end
end
puts
"New secrets encrypted and saved."
rescue
Interrupt
puts
"Aborted changing encrypted secrets: nothing saved."
rescue
Rails
::
Secrets
::
MissingKeyError
=>
error
say
error
.
message
end
private
def
watch
(
tmp_path
)
mtime
,
start_time
=
File
.
mtime
(
tmp_path
),
Time
.
now
yield
editor_exits_after_open
=
$?
.
success?
&&
(
Time
.
now
-
start_time
)
<
1
if
editor_exits_after_open
sleep
0.250
until
File
.
mtime
(
tmp_path
)
!=
mtime
end
end
end
end
end
railties/lib/rails/generators.rb
浏览文件 @
039380e3
...
...
@@ -214,7 +214,6 @@ def sorted_groups
rails
.
map!
{
|
n
|
n
.
sub
(
/^rails:/
,
""
)
}
rails
.
delete
(
"app"
)
rails
.
delete
(
"plugin"
)
rails
.
delete
(
"encrypted_secrets"
)
hidden_namespaces
.
each
{
|
n
|
groups
.
delete
(
n
.
to_s
)
}
...
...
railties/lib/rails/generators/rails/app/templates/config/environments/production.rb.tt
浏览文件 @
039380e3
...
...
@@ -14,11 +14,6 @@ Rails.application.configure do
config.consider_all_requests_local = false
config.action_controller.perform_caching = true
# Attempt to read encrypted secrets from `config/secrets.yml.enc`.
# Requires an encryption key in `ENV["RAILS_MASTER_KEY"]` or
# `config/secrets.yml.key`.
config.read_encrypted_secrets = true
# Disable serving static files from the `/public` folder by default since
# Apache or NGINX already handles this.
config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
...
...
railties/lib/rails/generators/rails/app/templates/config/secrets.yml
浏览文件 @
039380e3
...
...
@@ -23,10 +23,8 @@ development:
test
:
secret_key_base
:
<%= app_secret %>
# Do not keep production secrets in the unencrypted secrets file.
# Instead, either read values from the environment.
# Or, use `bin/rails secrets:setup` to configure encrypted secrets
# and move the `production:` environment over there.
# Do not keep production secrets in the repository,
# instead read values from the environment.
production
:
secret_key_base
:
<%%= ENV["SECRET_KEY_BASE"] %>
railties/lib/rails/generators/rails/encrypted_secrets/encrypted_secrets_generator.rb
已删除
100644 → 0
浏览文件 @
11660945
require
"rails/generators/base"
require
"rails/secrets"
module
Rails
module
Generators
class
EncryptedSecretsGenerator
<
Base
def
add_secrets_key_file
unless
File
.
exist?
(
"config/secrets.yml.key"
)
||
File
.
exist?
(
"config/secrets.yml.enc"
)
key
=
Rails
::
Secrets
.
generate_key
say
"Adding config/secrets.yml.key to store the encryption key:
#{
key
}
"
say
""
say
"Save this in a password manager your team can access."
say
""
say
"If you lose the key, no one, including you, can access any encrypted secrets."
say
""
create_file
"config/secrets.yml.key"
,
key
say
""
end
end
def
ignore_key_file
if
File
.
exist?
(
".gitignore"
)
unless
File
.
read
(
".gitignore"
).
include?
(
key_ignore
)
say
"Ignoring config/secrets.yml.key so it won't end up in Git history:"
say
""
append_to_file
".gitignore"
,
key_ignore
say
""
end
else
say
"IMPORTANT: Don't commit config/secrets.yml.key. Add this to your ignore file:"
say
key_ignore
,
:on_green
say
""
end
end
def
add_encrypted_secrets_file
unless
File
.
exist?
(
"config/secrets.yml.enc"
)
say
"Adding config/secrets.yml.enc to store secrets that needs to be encrypted."
say
""
template
"config/secrets.yml.enc"
do
|
prefill
|
say
""
say
"For now the file contains this but it's been encrypted with the generated key:"
say
""
say
prefill
,
:on_green
say
""
Secrets
.
encrypt
(
prefill
)
end
say
"You can edit encrypted secrets with `bin/rails secrets:edit`."
say
"Add this to your config/environments/production.rb:"
say
"config.read_encrypted_secrets = true"
end
end
private
def
key_ignore
[
""
,
"# Ignore encrypted secrets key file."
,
"config/secrets.yml.key"
,
""
].
join
(
"
\n
"
)
end
end
end
end
railties/lib/rails/generators/rails/encrypted_secrets/templates/config/secrets.yml.enc
已删除
100644 → 0
浏览文件 @
11660945
# See `secrets.yml` for tips on generating suitable keys.
# production:
# external_api_key: 1466aac22e6a869134be3d09b9e89232fc2c2289…
railties/lib/rails/secrets.rb
已删除
100644 → 0
浏览文件 @
11660945
require
"yaml"
module
Rails
# Greatly inspired by Ara T. Howard's magnificent sekrets gem. 😘
class
Secrets
# :nodoc:
class
MissingKeyError
<
RuntimeError
def
initialize
super
(
<<-
end_of_message
.
squish
)
Missing encryption key to decrypt secrets with.
Ask your team for your master key and put it in ENV["RAILS_MASTER_KEY"]
end_of_message
end
end
@read_encrypted_secrets
=
false
@root
=
File
# Wonky, but ensures `join` uses the current directory.
class
<<
self
attr_writer
:root
attr_accessor
:read_encrypted_secrets
def
parse
(
paths
,
env
:)
paths
.
each_with_object
(
Hash
.
new
)
do
|
path
,
all_secrets
|
require
"erb"
secrets
=
YAML
.
load
(
ERB
.
new
(
preprocess
(
path
)).
result
)
||
{}
all_secrets
.
merge!
(
secrets
[
"shared"
].
deep_symbolize_keys
)
if
secrets
[
"shared"
]
all_secrets
.
merge!
(
secrets
[
env
].
deep_symbolize_keys
)
if
secrets
[
env
]
end
end
def
generate_key
cipher
=
new_cipher
SecureRandom
.
hex
(
cipher
.
key_len
)[
0
,
cipher
.
key_len
]
end
def
key
ENV
[
"RAILS_MASTER_KEY"
]
||
read_key_file
||
handle_missing_key
end
def
encrypt
(
text
)
cipher
(
:encrypt
,
text
)
end
def
decrypt
(
data
)
cipher
(
:decrypt
,
data
)
end
def
read
decrypt
(
IO
.
binread
(
path
))
end
def
write
(
contents
)
IO
.
binwrite
(
"
#{
path
}
.tmp"
,
encrypt
(
contents
))
FileUtils
.
mv
(
"
#{
path
}
.tmp"
,
path
)
end
def
read_for_editing
tmp_path
=
File
.
join
(
Dir
.
tmpdir
,
File
.
basename
(
path
))
IO
.
binwrite
(
tmp_path
,
read
)
yield
tmp_path
write
(
IO
.
binread
(
tmp_path
))
ensure
FileUtils
.
rm
(
tmp_path
)
if
File
.
exist?
(
tmp_path
)
end
private
def
handle_missing_key
raise
MissingKeyError
end
def
read_key_file
if
File
.
exist?
(
key_path
)
IO
.
binread
(
key_path
).
strip
end
end
def
key_path
@root
.
join
(
"config"
,
"secrets.yml.key"
)
end
def
path
@root
.
join
(
"config"
,
"secrets.yml.enc"
).
to_s
end
def
preprocess
(
path
)
if
path
.
end_with?
(
".enc"
)
if
@read_encrypted_secrets
decrypt
(
IO
.
binread
(
path
))
else
""
end
else
IO
.
read
(
path
)
end
end
def
new_cipher
OpenSSL
::
Cipher
.
new
(
"aes-256-cbc"
)
end
def
cipher
(
mode
,
data
)
cipher
=
new_cipher
.
public_send
(
mode
)
cipher
.
key
=
key
cipher
.
update
(
data
)
<<
cipher
.
final
end
end
end
end
railties/test/generators/app_generator_test.rb
浏览文件 @
039380e3
...
...
@@ -335,7 +335,6 @@ def test_generator_without_skips
end
assert_file
"config/environments/production.rb"
do
|
content
|
assert_match
(
/# config\.action_mailer\.raise_delivery_errors = false/
,
content
)
assert_match
(
/^ config\.read_encrypted_secrets = true/
,
content
)
end
end
...
...
railties/test/generators/encrypted_secrets_generator_test.rb
已删除
100644 → 0
浏览文件 @
11660945
require
"generators/generators_test_helper"
require
"rails/generators/rails/encrypted_secrets/encrypted_secrets_generator"
class
EncryptedSecretsGeneratorTest
<
Rails
::
Generators
::
TestCase
include
GeneratorsTestHelper
def
setup
super
cd
destination_root
end
def
test_generates_key_file_and_encrypted_secrets_file
run_generator
assert_file
"config/secrets.yml.key"
,
/[\w\d]+/
assert
File
.
exist?
(
"config/secrets.yml.enc"
)
assert_no_match
(
/production:\n# external_api_key: [\w\d]+/
,
IO
.
binread
(
"config/secrets.yml.enc"
))
assert_match
(
/production:\n# external_api_key: [\w\d]+/
,
Rails
::
Secrets
.
read
)
end
def
test_appends_to_gitignore
FileUtils
.
touch
(
".gitignore"
)
run_generator
assert_file
".gitignore"
,
/config\/secrets.yml.key/
,
/(?!config\/secrets.yml.enc)/
end
def
test_warns_when_ignore_is_missing
assert_match
(
/Add this to your ignore file/i
,
run_generator
)
end
def
test_doesnt_generate_a_new_key_file_if_already_opted_in_to_encrypted_secrets
FileUtils
.
mkdir
(
"config"
)
File
.
open
(
"config/secrets.yml.enc"
,
"w"
)
{
|
f
|
f
.
puts
"already secrety"
}
run_generator
assert_no_file
"config/secrets.yml.key"
end
end
railties/test/isolation/abstract_unit.rb
浏览文件 @
039380e3
...
...
@@ -22,7 +22,6 @@
require
"active_support/testing/isolation"
require
"active_support/core_ext/kernel/reporting"
require
"tmpdir"
require
"rails/secrets"
module
TestHelpers
module
Paths
...
...
railties/test/secrets_test.rb
已删除
100644 → 0
浏览文件 @
11660945
require
"abstract_unit"
require
"isolation/abstract_unit"
require
"rails/generators"
require
"rails/generators/rails/encrypted_secrets/encrypted_secrets_generator"
require
"rails/secrets"
class
Rails::SecretsTest
<
ActiveSupport
::
TestCase
include
ActiveSupport
::
Testing
::
Isolation
def
setup
build_app
@old_read_encrypted_secrets
,
Rails
::
Secrets
.
read_encrypted_secrets
=
Rails
::
Secrets
.
read_encrypted_secrets
,
true
end
def
teardown
Rails
::
Secrets
.
read_encrypted_secrets
=
@old_read_encrypted_secrets
teardown_app
end
test
"setting read to false skips parsing"
do
Rails
::
Secrets
.
read_encrypted_secrets
=
false
Dir
.
chdir
(
app_path
)
do
assert_equal
Hash
.
new
,
Rails
::
Secrets
.
parse
(
%w( config/secrets.yml.enc )
,
env:
"production"
)
end
end
test
"raises when reading secrets without a key"
do
run_secrets_generator
do
FileUtils
.
rm
(
"config/secrets.yml.key"
)
assert_raises
Rails
::
Secrets
::
MissingKeyError
do
Rails
::
Secrets
.
key
end
end
end
test
"reading with ENV variable"
do
run_secrets_generator
do
begin
old_key
=
ENV
[
"RAILS_MASTER_KEY"
]
ENV
[
"RAILS_MASTER_KEY"
]
=
IO
.
binread
(
"config/secrets.yml.key"
).
strip
FileUtils
.
rm
(
"config/secrets.yml.key"
)
assert_match
"production:
\n
# external_api_key"
,
Rails
::
Secrets
.
read
ensure
ENV
[
"RAILS_MASTER_KEY"
]
=
old_key
end
end
end
test
"reading from key file"
do
run_secrets_generator
do
File
.
binwrite
(
"config/secrets.yml.key"
,
"How do I know you feel it?"
)
assert_equal
"How do I know you feel it?"
,
Rails
::
Secrets
.
key
end
end
test
"editing"
do
run_secrets_generator
do
decrypted_path
=
nil
Rails
::
Secrets
.
read_for_editing
do
|
tmp_path
|
decrypted_path
=
tmp_path
assert_match
(
/production:\n# external_api_key/
,
File
.
read
(
tmp_path
))
File
.
write
(
tmp_path
,
"Empty streets, empty nights. The Downtown Lights."
)
end
assert_not
File
.
exist?
(
decrypted_path
)
assert_equal
"Empty streets, empty nights. The Downtown Lights."
,
Rails
::
Secrets
.
read
end
end
test
"merging secrets with encrypted precedence"
do
run_secrets_generator
do
File
.
write
(
"config/secrets.yml"
,
<<-
end_of_secrets
)
test:
yeah_yeah: lets-go-walking-down-this-empty-street
end_of_secrets
Rails
::
Secrets
.
write
(
<<-
end_of_secrets
)
test:
yeah_yeah: lets-walk-in-the-cool-evening-light
end_of_secrets
Rails
.
application
.
config
.
root
=
app_path
Rails
.
application
.
instance_variable_set
(
:@secrets
,
nil
)
# Dance around caching 💃🕺
assert_equal
"lets-walk-in-the-cool-evening-light"
,
Rails
.
application
.
secrets
.
yeah_yeah
end
end
private
def
run_secrets_generator
Dir
.
chdir
(
app_path
)
do
capture
(
:stdout
)
do
Rails
::
Generators
::
EncryptedSecretsGenerator
.
start
end
yield
end
end
end
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录