credentials_demo

Demo of environment aware Rails encrypted credentials with environment variable override

Stars
22
Committers
1
View Code on GitHub View on X
Ecosystems: Ruby on Rails, Ruby

Credentials Demo

What

Demo of environment aware Rails encrypted credentials with environment variable override.

Why

  1. Simplifies configuration management
  2. Centralizes application secrets
  3. Reduces the number of managed environment variables... often limited to one (RAILS_MASTER_KEY)
  4. Eliminates wasted developer time due to missing environment variables
  5. Reduces gem dependencies... dotenv, etc.
  6. Preserves productivity by exposing configuraiton via the environment ENV
  7. Retains flexibility by allowing the environment (ENV) to override

How

  1. Edit the Rails encrypted credentials file.

    bin/rails credentials:edit

    default: &default
  aws_access_key_id: AKIAIOSFODNN7EXAMPLE
  aws_region: us-east-1
  aws_secret_access_key: b1e4c2d8f9a7g5i3h2j4k1l6m8n0o9p5q7r3s1t2u6v8w0x9y4z2

development:
  <<: *default
  database: db/databases/development.sqlite3
  secret_key_base: 31461f5d38cc7f2e919ea18e9a390bd3558a31be2e5d8e79b9c40ae7a91a5990768da5c8baa2521462c366f5568c4d58b843f92ea5eda71d9bc9c8a8b0c96435

test:
  <<: *default
  database: db/databases/test.sqlite3
  secret_key_base: 852d4a5f4796699b4204c776c6b7f2934fd2f5424ac9d2f8f15d6bf9a0efc1f4bc5fd6b44fd1b0774de7168a0990d76ae6c3229370414db7b7d66830b2f74491

production:
  <<: *default
  aws_access_key_id: AKIA5VXCTQ99GEXAMPLE
  aws_secret_access_key: 3a9d8a2b5c4e1f7g6h2i5j1k3l4m7n8o9p0q1r2s3t4u5v6w7x8y9z0
  database: db/databases/production.sqlite3
  secret_key_base: b05157ed1f089563a5c754d6219b6a4fdf7c521d0e970ddc15cdd9a1bec58fa251191d50d1b8500987a2589a98afa20f27b964e2eefed9dbc574036880af34e0

  2. The application merges the encrypted credentials into the environment ENV on boot

    View the code here..

    creds = credentials[Rails.env.to_sym]
  .with_indifferent_access
  .transform_keys(&:upcase)
  .transform_values(&:to_s)

ENV.merge! creds.merge(ENV)

  3. Access the configuration via ENV

    bin/rails console --environment development

    ENV.fetch "DATABASE" # => db/databases/development.sqlite3

    bin/rails console --environment test

    ENV.fetch "DATABASE" # => db/databases/test.sqlite3

    bin/rails console --environment production

    ENV.fetch "DATABASE" # => db/databases/production.sqlite3

    Example of environment variable override.

    DATABASE=db/databases/foo.sqlite3 bin/rails console --environment production

    ENV.fetch "DATABASE" # => db/databases/foo.sqlite3

Next Steps

Consider combining this technique with environment specific credentials if you'd like to hide specific environment configurations from developers.

bin/rails credentials:help
bin/rails credentials:edit --environment production
Related Projects
loadout

Rails configuration helpers

11 Aug 2024 3
aws-secrets-manager

Aws Secrets Manager

29 Aug 2024 1
better_settings

⚙ Settings for Ruby apps – fast, immutable, better.

29 Dec 2017 20
rails-project-template

Base Rails Project based on my personal preferences at the moment.

05 Jan 2021 1
boilerplate-rails-5-app

Ruby on Rails 5 with HAML, SASS, CoffeeScript, Bootstrap, Devise, Rspec, Capybara

23 Nov 2016 11
has_configuration

Easy configuration management for Ruby classes with yaml file

08 Oct 2013 3
linux-for-pirates-2

DevOps with Docker, Ruby on Rails and Linux for Pirates!

09 Jul 2024 5
system_settings

System Settings is a Rails engine that adds settings functionality

01 May 2019 4
rails-json-api

a working example of Rails providing camelCase JSON API service

21 Dec 2017 2
rails_api_base

API boilerplate project for Ruby on Rails 7

10 Oct 2016 483
param_store

Easy switch in between ENV, AWS Parameter Store, AWS Secrets Manager and EJSON

25 Dec 2018 11
rails_skeleton

Rails 6/7 skeleton

05 May 2019 2
creds

Encrypted & plain text credentials for multiple environments

30 Mar 2018 37
rails_7_base_api

Rails 7 Base API

22 May 2024 0