Project

ejson-rails

0.03
A long-lived project that still receives updates
ejson-railsshopify/ejson-railsHomepageDocumentationSource CodeBug TrackerWiki
Rails secret management by encrypting values in a JSON hash with a public/private keypair
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
1,002,323
Stars
21
Forks
3
Watchers
378
 Releases
Current version
1.0.0
Total releases
6
First release
2018-05-25
Latest release
2024-08-14
 Issues
Open Issues
0
Closed Issues
3
Total Issues
3
Issue Closure Rate
100%
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
6
Merged Pull Requests
72
Pull Request Acceptance Rate
92%
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2024-06-08
Reverse Dependencies
0

 Dependencies

Development

rake
~> 13.0
rspec
~> 3.0

Runtime

ejson
>= 0
railties
>= 6.1
 Project Readme

EJSON::Rails

Build Status

Automatically injects ejson decrypted secrets into your Rails.application.credentials.

Installation

Add this line to your application's Gemfile:

gem 'ejson-rails'

And then execute:

$ bundle

Or install it yourself as:

$ gem install ejson-rails

Configuration

By default, the gem will look for decrypted secrets in project/config/secrets.json or project/config/secrets.{current_rails_environment}.json if that doesn't exist.

If your application or environment has a unique way of retrieving decrypted secrets, you can do so by setting EJSON::Rails::Railtie.ejson_secret_source to a callable object in config/application.rb. For example:

# config/application.rb

# This must be placed BEFORE your application constant which inherits from Rails::Application
EJSON::Rails::Railtie.ejson_secret_source = FooBar::SecretCredentialReader

# Custom credential reader that lives somewhere else
module FooBar
  class SecretCredentialReader
    class << self
      def call
        '{"secret": "secret_from_ejson_secret_source"}'
      end
    end
  end
end

For simple cases, you can use a proc:

EJSON::Rails::Railtie.ejson_secret_source = proc { '{"secret": "secret_from_ejson_secret_source"}' }

Usage

Decrypted secrets will be accessible via Rails.application.credentials. For example:

# project/config/secrets.json

{ "some_secret": "key" }

will be accessible via Rails.application.credentials.some_secret or Rails.application.credentials[:some_secret] upon booting. JSON files are loaded once and contents are deep_merge'd into your app's existing Rails credentials.

To avoid subtle compatibility issues, if a credential already exists, an error will occur.

If you set the EJSON_RAILS_DELETE_SECRETS environment variable to true the gem will automatically delete the secrets from the filesystem after loading them into Rails. It will delete both paths (project/config/secrets.json and project/config/secrets.{current_rails_environment}.json) if the files exist and are writable.

NOTE: This gem does not decrypt ejson for you. You will need to configure this as part of your deployment pipeline.

Migrating to credentials

Rails 7.1 has deprecated application secrets in favor of credentials. ejson-rails no longer writes to Rails secrets to avoid crashing given Rails 7.2 removal of the feature. See the README for the last version that supports secrets to read more about migrating: ejson-rails v0.2.2 – Migrating to credentials.

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/Shopify/ejson-rails.

License

The gem is available as open source under the terms of the MIT License.