Added a shared section to config/secrets.yml that will be loaded for all environments

e5305342 · David Heinemeier Hansson · 85ee483f · e5305342 · e5305342 · e5305342
4 changed file
--- a/railties/CHANGELOG.md
+++ b/railties/CHANGELOG.md
+## Rails 5.1.0.alpha ##
+
+*   Added a shared section to config/secrets.yml that will be loaded for all environments.
+
+    *DHH*

 Please check [5-0-stable](https://github.com/rails/rails/blob/5-0-stable/railties/CHANGELOG.md) for previous changes.
--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@@ -385,11 +385,16 @@ def config=(configuration) #:nodoc:
    def secrets
      @secrets ||= begin
        secrets = ActiveSupport::OrderedOptions.new
-        yaml = config.paths["config/secrets"].first
+        yaml    = config.paths["config/secrets"].first
+
        if File.exist?(yaml)
          require "erb"
-          all_secrets = YAML.load(ERB.new(IO.read(yaml)).result) || {}
-          env_secrets = all_secrets[Rails.env]
+
+          all_secrets    = YAML.load(ERB.new(IO.read(yaml)).result) || {}
+          shared_secrets = all_secrets['shared']
+          env_secrets    = all_secrets[Rails.env]
+
+          secrets.merge!(shared_secrets.symbolize_keys) if shared_secrets
          secrets.merge!(env_secrets.symbolize_keys) if env_secrets
        end


--- a/railties/lib/rails/generators/rails/app/templates/config/secrets.yml
+++ b/railties/lib/rails/generators/rails/app/templates/config/secrets.yml
@@ -10,6 +10,13 @@
 # Make sure the secrets in this file are kept private
 # if you're sharing your code publicly.

+# Shared secrets are available across all environments.
+
+shared:
+  api_key: 123
+
+# Environmental secrets are only available for that specific environment.
+
 development:
  secret_key_base: <%= app_secret %>

@@ -18,5 +25,6 @@ test:

 # Do not keep production secrets in the repository,
 # instead read values from the environment.
+
 production:
  secret_key_base: <%%= ENV["SECRET_KEY_BASE"] %>
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -555,6 +555,31 @@ def index
      assert_equal 'myamazonsecretaccesskey', app.secrets.aws_secret_access_key
    end

+    test "shared secrets saved in config/secrets.yml are loaded in app secrets" do
+      app_file 'config/secrets.yml', <<-YAML
+        shared:
+          api_key: 3b7cd727
+      YAML
+
+      app 'development'
+
+      assert_equal '3b7cd727', app.secrets.api_key
+    end
+
+    test "shared secrets will yield to environment specific secrets" do
+      app_file 'config/secrets.yml', <<-YAML
+        shared:
+          api_key: 3b7cd727
+        
+        development:
+          api_key: abc12345
+      YAML
+
+      app 'development'
+
+      assert_equal 'abc12345', app.secrets.api_key
+    end
+
    test "blank config/secrets.yml does not crash the loading process" do
      app_file 'config/secrets.yml', <<-YAML
      YAML