1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Commit graph

19 commits

Author SHA1 Message Date
Kasper Timm Hansen
bb30f05f38
Deprecate encrypted secrets in favor of credentials.
Allow edits of existing encrypted secrets generated on Rails 5.1,
but refer to credentials when attempting to setup.

This also removes the need for any of the setup code, so the
generator can be ripped out altogether.
2017-11-12 17:50:09 +01:00
David Heinemeier Hansson
69f976b859 Add credentials using a generic EncryptedConfiguration class (#30067)
* WIP: Add credentials using a generic EncryptedConfiguration class

This is sketch code so far.

* Flesh out EncryptedConfiguration and test it

* Better name

* Add command and generator for credentials

* Use the Pathnames

* Extract EncryptedFile from EncryptedConfiguration and add serializers

* Test EncryptedFile

* Extract serializer validation

* Stress the point about losing comments

* Allow encrypted configuration to be read without parsing for display

* Use credentials by default and base them on the master key

* Derive secret_key_base in test/dev, source it from credentials in other envs

And document the usage.

* Document the new credentials setup

* Stop generating the secrets.yml file now that we have credentials

* Document what we should have instead

Still need to make it happen, tho.

* [ci skip] Keep wording to `key base`; prefer defaults.

Usually we say we change defaults, not "spec" out a release.

Can't use backticks in our sdoc generated documentation either.

* Abstract away OpenSSL; prefer MessageEncryptor.

* Spare needless new when raising.

* Encrypted file test shouldn't depend on subclass.

* [ci skip] Some woordings.

* Ditch serializer future coding.

* I said flip it. Flip it good.

* [ci skip] Move require_master_key to the real production.rb.

* Add require_master_key to abort the boot process.

In case the master key is required in a certain environment
we should inspect that the key is there and abort if it isn't.

* Print missing key message and exit immediately.

Spares us a lengthy backtrace and prevents further execution.

I've verified the behavior in a test app, but couldn't figure the
test out as loading the app just exits immediately with:

```
/Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `load': marshal data too short (ArgumentError)
	from /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `run'
	from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest.rb:830:in `run_one_method'
	from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest/parallel.rb:32:in `block (2 levels) in start'
```

It's likely we need to capture and prevent the exit somehow.
Kernel.stub(:exit) didn't work. Leaving it for tomorrow.

* Fix require_master_key config test.

Loading the app would trigger the `exit 1` per require_master_key's
semantics, which then aborted the test.

Fork and wait for the child process to finish, then inspect the
exit status.

Also check we aborted because of a missing master key, so something
else didn't just abort the boot.

Much <3 to @tenderlove for the tip.

* Support reading/writing configs via methods.

* Skip needless deep symbolizing.

* Remove save; test config reader elsewhere.

* Move secret_key_base check to when we're reading it.

Otherwise we'll abort too soon since we don't assign the secret_key_base
to secrets anymore.

* Add missing string literal comments; require unneeded yaml require.

* ya ya ya, rubocop.

* Add master_key/credentials after bundle.

Then we can reuse the existing message on `rails new bc4`.

It'll look like:

```
Using web-console 3.5.1 from https://github.com/rails/web-console.git (at master@ce985eb)
Using rails 5.2.0.alpha from source at `/Users/kasperhansen/Documents/code/rails`
Using sass-rails 5.0.6
Bundle complete! 16 Gemfile dependencies, 72 gems now installed.
Use `bundle info [gemname]` to see where a bundled gem is installed.
Adding config/master.key to store the master encryption key: 97070158c44b4675b876373a6bc9d5a0

Save this in a password manager your team can access.

If you lose the key, no one, including you, can access anything encrypted with it.

      create  config/master.key
```

And that'll be executed even if `--skip-bundle` was passed.

* Ensure test app has secret_key_base.

* Assign secret_key_base to app or omit.

* Merge noise

* Split options for dynamic delegation into its own method and use deep symbols to make it work

* Update error to point to credentials instead

* Appease Rubocop

* Validate secret_key_base when reading it.

Instead of relying on the validation in key_generator move that into
secret_key_base itself.

* Fix generator and secrets test.

Manually add config.read_encrypted_secrets since it's not there by default
anymore.

Move mentions of config/secrets.yml to config/credentials.yml.enc.

* Remove files I have no idea how they got here.

* [ci skip] swap secrets for credentials.

* [ci skip] And now, changelogs are coming.
2017-09-11 20:21:20 +02:00
yuuji.yaginuma
241d6a596a Reorganize secrets test to use only isolation/abstract_unit
Currently, secrets test uses `abstract_unit` and `isolation/abstract_unit`.
This is a bit odd. Therefore, reorganize it so that use only
`isolation/abstract_unit`.

Context: https://github.com/rails/rails/pull/30520#issuecomment-327409586
2017-09-07 17:52:10 +09:00
Matthew Draper
802ce8a239 Run in-app rails commands via fork+load where possible
While this avoids shell argument parsing, we still pass through
everything in our stack.
2017-09-04 20:19:39 +09:30
Yoshiyuki Hirano
ac345f5dad Fix indentation in the template for secrets 2017-08-23 06:48:13 +09:00
Pat Allan
acea68de02 Adding frozen_string_literal pragma to Railties. 2017-08-14 19:08:09 +02:00
Pat Allan
d435c92721 Railties updates for frozen string literals. 2017-08-14 19:00:24 +02:00
Wojciech Wnętrzak
af3b6c367b
Fix false positive test related to wrong app root path.
Without setting root config, `config.paths["config/secrets"]`
located in 84eb498f84/railties/lib/rails/application.rb (L390)
always returned empty list.
2017-07-21 14:25:23 +02:00
yuuji.yaginuma
be4ebc4780 Treat secrets as binary
Until Rails 5.1.1 secrets was treated as binary inside Rails.
https://github.com/rails/rails/blob/v5.1.1/railties/lib/rails/secrets.rb#L59
https://github.com/rails/rails/blob/v5.1.1/railties/lib/rails/secrets.rb#L63

However, it is treated as String in Rails 5.1.2(changed by 157db87210).
https://github.com/rails/rails/blob/v5.1.2/railties/lib/rails/secrets.rb#L104
https://github.com/rails/rails/blob/v5.1.2/railties/lib/rails/secrets.rb#L108

As a result, when upgrading from Rails 5.1.1 to 5.1.2, to write the value
treated as binary using `File.write`, causing an error.

In order to avoid `UndefinedConversionError`, fixed it to treat it as
binary like 5.1.1.
Fixes #29696
2017-07-09 09:25:45 +09:00
yuuji.yaginuma
32327eb123 Do not update secrets.yml.enc when secretes do not change
Currently, if open a file with `secrets:edit` command, `secrets.yml.enc`
will be changed even if its contents do not change.

Therefore, even if only want to check secrets, the difference will come
out. This is a little inconvenient.

As a fix to the above problem, when content does not change,
`secrets.yml.ecn` is fixed so that it is not changed.
2017-07-07 12:16:53 +09:00
Matthew Draper
87b3e226d6 Revert "Merge pull request #29540 from kirs/rubocop-frozen-string"
This reverts commit 3420a14590, reversing
changes made to afb66a5a59.
2017-07-02 02:15:17 +09:30
Kir Shatrov
cfade1ec7e Enforce frozen string in Rubocop 2017-07-01 02:11:03 +03:00
Kasper Timm Hansen
fadb50ef0f Let run_secrets_generator handle chdir. 2017-04-16 16:22:34 +02:00
yuuji.yaginuma
827bfe4f41 Use the config value directly when call secrets
Currently, `read_encrypted_secrets` is set with initializer.
Therefore if refer to `secrets` in config, `read_encrypted_secrets` is false,
so can not get the value of `secrets.yml.enc`.

In order to be able to refer to secrets in config, modified to refer to
`config.read_encrypted_secrets` when calling `secrets`.

Fixes #28618.
2017-04-16 09:35:45 +09:00
Kasper Timm Hansen
e3b4554f23 Move key packing into encryptor. 2017-03-02 19:38:01 +01:00
Stephen Touset
6aa6f9ae44 Default Secrets to AES-128-GCM, using ActiveSupport::MessageEncryptor
Fixes #28135.
2017-03-01 14:54:34 -08:00
Kasper Timm Hansen
fbee4e3ce3 Revert "Revert "Add encrypted secrets"" 2017-02-23 18:15:28 +01:00
David Heinemeier Hansson
039380e3ee Revert "Add encrypted secrets" (#28127) 2017-02-23 15:55:15 +01:00
Kasper Timm Hansen
1166094569 Add encrypted secrets (#28038) 2017-02-23 15:01:02 +01:00