Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
张重言
rails
提交
3cac5fe9
R
rails
项目概览
张重言
/
rails
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
R
rails
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
未验证
提交
3cac5fe9
编写于
9月 20, 2018
作者:
Y
Yuji Yaginuma
提交者:
GitHub
9月 20, 2018
浏览文件
操作
浏览文件
下载
差异文件
Merge pull request #33928 from freeletics/fix-key-env
Fixed to RAILS_MASTER_KEY as a default env key for decrypting.
上级
2487a379
b4b70ef2
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
8 addition
and
12 deletion
+8
-12
railties/CHANGELOG.md
railties/CHANGELOG.md
+1
-1
railties/lib/rails/application.rb
railties/lib/rails/application.rb
+1
-1
railties/lib/rails/commands/credentials/USAGE
railties/lib/rails/commands/credentials/USAGE
+1
-1
railties/lib/rails/commands/credentials/credentials_command.rb
...ies/lib/rails/commands/credentials/credentials_command.rb
+5
-9
未找到文件。
railties/CHANGELOG.md
浏览文件 @
3cac5fe9
*
Support environment specific credentials file.
For `production` environment look first for `config/credentials/production.yml.enc` file that can be decrypted by
`ENV["RAILS_
PRODUCTION
_KEY"]` or `config/credentials/production.key` master key.
`ENV["RAILS_
MASTER
_KEY"]` or `config/credentials/production.key` master key.
Edit given environment credentials file by command `rails credentials:edit --environment production`.
Default paths can be overwritten by setting `config.credentials.content_path` and `config.credentials.key_path`.
...
...
railties/lib/rails/application.rb
浏览文件 @
3cac5fe9
...
...
@@ -440,7 +440,7 @@ def secret_key_base
# +config/master.key+.
# If specific credentials file exists for current environment, it takes precedence, thus for +production+
# environment look first for +config/credentials/production.yml.enc+ with master key taken
# from <tt>ENV["RAILS_
PRODUCTION
_KEY"]</tt> or from loading +config/credentials/production.key+.
# from <tt>ENV["RAILS_
MASTER
_KEY"]</tt> or from loading +config/credentials/production.key+.
# Default behavior can be overwritten by setting +config.credentials.content_path+ and +config.credentials.key_path+.
def
credentials
@credentials
||=
encrypted
(
config
.
credentials
.
content_path
,
key_path:
config
.
credentials
.
key_path
)
...
...
railties/lib/rails/commands/credentials/USAGE
浏览文件 @
3cac5fe9
...
...
@@ -43,7 +43,7 @@ from leaking.
It is possible to have credentials for each environment. If the file for current environment exists it will take
precedence over `config/credentials.yml.enc`, thus for `production` environment first look for
`config/credentials/production.yml.enc` that can be decrypted using master key taken from `ENV["RAILS_
PRODUCTION
_KEY"]`
`config/credentials/production.yml.enc` that can be decrypted using master key taken from `ENV["RAILS_
MASTER
_KEY"]`
or stored in `config/credentials/production.key`.
To edit given file use command `rails credentials:edit --environment production`
Default paths can be overwritten by setting `config.credentials.content_path` and `config.credentials.key_path`.
railties/lib/rails/commands/credentials/credentials_command.rb
浏览文件 @
3cac5fe9
...
...
@@ -24,13 +24,13 @@ def edit
ensure_editor_available
(
command:
"bin/rails credentials:edit"
)
||
(
return
)
encrypted
=
Rails
.
application
.
encrypted
(
content_path
,
key_path:
key_path
,
env_key:
env_key
)
encrypted
=
Rails
.
application
.
encrypted
(
content_path
,
key_path:
key_path
)
ensure_encryption_key_has_been_added
(
key_path
)
if
encrypted
.
key
.
nil?
ensure_encrypted_file_has_been_added
(
content_path
,
key_path
)
catch_editing_exceptions
do
change_encrypted_file_in_system_editor
(
content_path
,
key_path
,
env_key
)
change_encrypted_file_in_system_editor
(
content_path
,
key_path
)
end
say
"File encrypted and saved."
...
...
@@ -41,7 +41,7 @@ def edit
def
show
require_application_and_environment!
encrypted
=
Rails
.
application
.
encrypted
(
content_path
,
key_path:
key_path
,
env_key:
env_key
)
encrypted
=
Rails
.
application
.
encrypted
(
content_path
,
key_path:
key_path
)
say
encrypted
.
read
.
presence
||
missing_encrypted_message
(
key:
encrypted
.
key
,
key_path:
key_path
,
file_path:
content_path
)
end
...
...
@@ -55,10 +55,6 @@ def key_path
options
[
:environment
]
?
"config/credentials/
#{
options
[
:environment
]
}
.key"
:
"config/master.key"
end
def
env_key
options
[
:environment
]
?
"RAILS_
#{
options
[
:environment
].
upcase
}
_KEY"
:
"RAILS_MASTER_KEY"
end
def
ensure_encryption_key_has_been_added
(
key_path
)
encryption_key_file_generator
.
add_key_file
(
key_path
)
...
...
@@ -69,8 +65,8 @@ def ensure_encrypted_file_has_been_added(file_path, key_path)
encrypted_file_generator
.
add_encrypted_file_silently
(
file_path
,
key_path
)
end
def
change_encrypted_file_in_system_editor
(
file_path
,
key_path
,
env_key
)
Rails
.
application
.
encrypted
(
file_path
,
key_path:
key_path
,
env_key:
env_key
).
change
do
|
tmp_path
|
def
change_encrypted_file_in_system_editor
(
file_path
,
key_path
)
Rails
.
application
.
encrypted
(
file_path
,
key_path:
key_path
).
change
do
|
tmp_path
|
system
(
"
#{
ENV
[
"EDITOR"
]
}
#{
tmp_path
}
"
)
end
end
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录