Class: EasyCrypt::SecretsProvider::RailsCredentialsProvider

Inherits:

Base

• Object
• Base
• EasyCrypt::SecretsProvider::RailsCredentialsProvider

Defined in:

lib/easy_crypt/secrets_provider/rails_credentials_provider.rb

Overview

Provider that fetches encryption configuration from Rails credentials

Configuration should be structured in credentials.yml.enc as:

easy_crypt: # EasyCrypt purposes configuration parent key

authentication:               # Credential for the "authentication" purpose
  cipher: "aes128"            # (optional) Cipher to use for the encryption
                              #   falls back to EasyCrypt.default_cipher is not set
  salt: "your-salt-value"     # Salt value for the encryption
  secret: "your-secret-key"   # Secret key for the encryption
user_data:                    # Credential for the "user data" purpose
  salt: "different-salt"      # Salt value for the encryption
  secret: "different-secret"  # Secret key for the encryption

You can define multiple credential purposes under the ‘easy_crypt` namespace, each with its own configuration. The credential purpose is specified when initializing the provider.

To edit credentials.yml.enc, you can use one of these commands:

With Visual Studio Code:

EDITOR="code --wait" bin/rails credentials:edit

With Vim:

EDITOR="vim" bin/rails credentials:edit

With Sublime Text:

EDITOR="subl --wait" bin/rails credentials:edit

With Nano:

EDITOR="nano" bin/rails credentials:edit

Examples:

Configuration in credentials.yml.enc

easy_crypt:
  authentication:
    cipher: aes128
    salt: "salt for the authentication purpose"
    secret: "secret for the authentication purpose"
  user_data:
    salt: "different-salt"
    secret: "different-secret"

Accessing credentials

# Using authentication credentials
provider = RailsCredentialsProvider.new(:authentication)
provider.cipher  #=> "aes128"
provider.salt    #=> "salt for the authentication purpose"
provider.secret  #=> "secret for the authentication purpose"

# Using user_data credentials
provider = RailsCredentialsProvider.new(:user_data)
provider.cipher  #=> nil
provider.salt    #=> "different-salt"
provider.secret  #=> "different-secret"

Instance Attribute Summary

Attributes inherited from Base

#purpose

Instance Method Summary

• #cipher ⇒ String^?

  The encryption cipher from Rails credentials.

• #salt ⇒ String

  The salt value from Rails credentials.

• #secret ⇒ String

  The secret key from Rails credentials.

Methods inherited from Base

#initialize, #validate_attributes!

Constructor Details

This class inherits a constructor from EasyCrypt::SecretsProvider::Base

Instance Method Details

#cipher ⇒ String^?

Returns The encryption cipher from Rails credentials.

Returns:

• (String, nil) —

  The encryption cipher from Rails credentials

# File 'lib/easy_crypt/secrets_provider/rails_credentials_provider.rb', line 61

def cipher
  credentials&.cipher
end

#salt ⇒ String

Returns The salt value from Rails credentials.

Returns:

• (String) —

  The salt value from Rails credentials

# File 'lib/easy_crypt/secrets_provider/rails_credentials_provider.rb', line 66

def salt
  credentials&.salt
end

#secret ⇒ String

Returns The secret key from Rails credentials.

Returns:

• (String) —

  The secret key from Rails credentials

# File 'lib/easy_crypt/secrets_provider/rails_credentials_provider.rb', line 71

def secret
  credentials&.secret
end