No release in over 3 years
Low commit activity in last 3 years
There's a lot of open issues
Capistrano tasks for automating `secrets.yml` file handling for Rails 4+ apps. This plugins syncs contents of your local secrets file and copies that to the remote server.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

~> 12.3

Runtime

>= 3.10
>= 1.17.0
 Project Readme

Capistrano::SecretsYml

Capistrano tasks for handling secrets.yml when deploying Rails 4+ apps.

Install

Add this to Gemfile:

group :development do
  gem 'capistrano', '~> 3.10.0'
  gem 'capistrano-secrets-yml', '~> 1.1.0'
end

And then:

$ bundle install

Setup and usage

  • Make sure your local config/secrets.yml is not git tracked. It should be on the disk, but gitignored.

  • Populate production secrets in local config/secrets.yml:

      production:
        secret_key_base: d6ced...
    
  • Add to Capfile:

      require 'capistrano/secrets_yml'
    
  • Create secrets.yml file on the remote server by executing this task:

      $ bundle exec cap production setup
    

You can now proceed with other deployment tasks.

What if a new config is added to secrets file?

  • add it to local config/secrets.yml:

      production:
        secret_key_base: d6ced...
        foobar: some_other_secret
    
  • if you're working in a team where other people have the deploy rights, compare you local secrets.yml with the one on the server. This is to ensure you didn't miss an update.

  • copy to the server:

    if you only need to update secrets.yml

      $ bundle exec cap production secrets_yml:setup
    

    or if other Capistrano plugins need to be setup

      $ bundle exec cap production setup
    
  • notify your colleagues that have the deploy rights that the remote secrets.yml has been updated so they can change their copy.

How it works

When you execute $ bundle exec production setup:

  • secrets from your local secrets.yml are copied to the servers in your config/deploy/{environment}.rb files using the user: value. a.
  • only "stage" secrets are copied: if you are deploying to production, only production secrets are copied there
  • on the server secrets file is located in #{shared_path}/config/secrets.yml

On deployment:

  • secrets file is automatically symlinked to #{current_path}/config/secrets.yml

Configuration

None.

More Capistrano automation?

Check out capistrano-plugins github org.

FAQ

  • shouldn't we be keeping configuration in environment variables as per 12 factor app rules?

    On Heroku, yes.
    With Capistrano, those env vars still have to be written somewhere on the disk and used with a tool like dotenv.

    Since we have to keep configuration on the disk anyway, it probably makes sense to use Rails 4 built-in secrets.yml mechanism.

License

MIT