SecretService

SecretService allows you to store secrets (for example the session secret or other shared secrets) more securely.

It does this by distributing the actual secret between your code and your database. That is, the final secret can only be calculated if you know both the secret given in your code and a secret stored in your database.

Secrets can either be generated randomly on first use, or set using the Rake task.

The Gem does its job by using the secret given in your code to encrypt/decrypt the secret in the database.

As a useful side effect, this means your different environments (staging / production) will automatically use different secrets.
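
The split described above, as an added sketch that is not the gem's own code: the in-code secret derives a key that encrypts a randomly generated final secret, and only the ciphertext is stored. The class name, the Hash standing in for the database table, and the choice of HMAC-SHA256 and AES-256-GCM are assumptions made for illustration.

```ruby
require 'openssl'
require 'securerandom'

# Sketch only, not the gem's code: the class name, the Hash standing in for
# the database table, and HMAC-SHA256 + AES-256-GCM are all assumptions.
class SplitSecretSketch
  def initialize(table)
    @table = table # one environment's "database"
  end

  # Final secret for an in-code secret; generated and stored on first use.
  def secret(source_secret)
    row = OpenSSL::HMAC.hexdigest('SHA256', source_secret, 'row-id')
    key = OpenSSL::HMAC.digest('SHA256', source_secret, 'encryption-key')
    @table[row] ||= seal(key, row, SecureRandom.hex(64))
    unseal(key, row, @table[row])
  end

  private

  def seal(key, row, plaintext)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    cipher.key = key
    iv = cipher.random_iv
    cipher.auth_data = row # binds the ciphertext to its row
    body = cipher.update(plaintext) + cipher.final
    [iv, cipher.auth_tag, body].map { |part| part.unpack1('H*') }.join(':')
  end

  def unseal(key, row, stored)
    iv, tag, body = stored.split(':').map { |hex| [hex].pack('H*') }
    cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    cipher.key = key
    cipher.iv = iv
    cipher.auth_tag = tag
    cipher.auth_data = row
    cipher.update(body) + cipher.final # raises CipherError if tampered
  end
end

# Constructed sample values: same code secret, two separate databases.
CODE_SECRET   = 'constructed-secret-committed-with-the-code'
STAGING_DB    = {}
PRODUCTION_DB = {}
STAGING       = SplitSecretSketch.new(STAGING_DB)
PRODUCTION    = SplitSecretSketch.new(PRODUCTION_DB)
```

With the same CODE_SECRET, STAGING and PRODUCTION return different final secrets because each database holds its own randomly generated ciphertext, and neither the code nor a database dump alone reveals the final value.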

Caveat

This currently requires ActiveRecord.

Installation

Add this line to your application's Gemfile:

gem 'secret_service'

And then execute:

$ bundle

Usage

To get a random secret, simply use

SecretService.secret("dfa24decafdb058448ac1eadb94e2066381cb92ee301e5a43d556555b61c7ea599e06be870e1d90c655c1b56cea172622d2b04a5e986faed42cbae684c5523c9")

You will probably want to use this in your config/initializers/secret_token.rb initializer.

The database entries (and indeed tables) are created on demand.

Rake tasks

If you use Rails 2.x, you need to put the following line into your Rakefile:

require 'secret_service/rake_tasks'

If you want to use a specific secret, you can put it into the database by calling

rake secret_service:store

The secret you'll put into your code as well as the final secret that will be returned are read from STDIN. You can leave the first one blank to have it generated automatically.

To show a previously stored secret, use

rake secret_service:show

where the_source_secret is the secret used in the SecretService.secret(...) call

Capistrano integration

To get Capistrano integration, put this into your config/deploy.rb:

require 'secret_service/capistrano'

You'll get the two rake tasks as corresponding Capistrano tasks:

cap secret_service:store
cap secret_service:show

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Added some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request