Module: RailsKeyRotator

Defined in:

lib/rails_key_rotator.rb,
lib/rails_key_rotator/railtie.rb,
lib/rails_key_rotator/version.rb

Defined Under Namespace

Classes: Error, Railtie

Constant Summary

VERSION =

"0.2.4"

Class Method Summary

• .credentials_path ⇒ Object
• .key_path ⇒ Object
• .rotate ⇒ Object
• .rotated? ⇒ Boolean

Class Method Details

.credentials_path ⇒ Object

# File 'lib/rails_key_rotator.rb', line 46

def credentials_path
  File.join(root, "config", "credentials", "#{env}.yml.enc")
end

.key_path ⇒ Object

# File 'lib/rails_key_rotator.rb', line 50

def key_path
  File.join(root, "config", "credentials", "#{env}.key")
end

.rotate ⇒ Object

# File 'lib/rails_key_rotator.rb', line 27

def rotate
  puts "Starting process:"
  decrypted = read(credentials_path) # Decrypt current credentials
  backup_file(credentials_path)      # Backup credentials
  backup_file(key_path)              # Backup key
  write_key                          # Save new key
  write_credentials(decrypted)       # Save new credentials
  puts <<~PROCEDURE

    Finished! The next steps are:

    - Deploy `RAILS_MASTER_KEY_NEW=#{new_key}` to your infrastructure
    - Share the new key w/ your colleagues
    - Commit changes in #{credentials_path}
    - Update `RAILS_MASTER_KEY`and remove `RAILS_MASTER_KEY_NEW` from your infrastructure

  PROCEDURE
end

.rotated? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rails_key_rotator.rb', line 14

def rotated?
  return if ENV["RAILS_MASTER_KEY"].blank?

  if ENV.fetch("RAILS_MASTER_KEY_NEW", false)
    if can_read_credentials!
      ENV["RAILS_MASTER_KEY"] = ENV.fetch("RAILS_MASTER_KEY_NEW")
      say_loud "Using NEW key"
    else
      say_loud "Using OLD key"
    end
  end
end