Automatically injects ejson decrypted secrets into your Rails.application.credentials.
Add this line to your application's Gemfile:
gem 'ejson-rails'
And then execute:
$ bundle
Or install it yourself as:
$ gem install ejson-rails
By default, the gem will look for decrypted secrets in project/config/secrets.json or project/config/secrets.{current_rails_environment}.json if that doesn't exist.
If your application or environment has a unique way of retrieving decrypted secrets, you can do so by setting EJSON::Rails::Railtie.ejson_secret_source to a callable object in config/application.rb. For example:
# config/application.rb
# This must be placed BEFORE your application constant which inherits from Rails::Application
EJSON::Rails::Railtie.ejson_secret_source = FooBar::SecretCredentialReader
# Custom credential reader that lives somewhere else
module FooBar
class SecretCredentialReader
class << self
def call
'{"secret": "secret_from_ejson_secret_source"}'
end
end
end
end
For simple cases, you can use a proc:
EJSON::Rails::Railtie.ejson_secret_source = proc { '{"secret": "secret_from_ejson_secret_source"}' }
Decrypted secrets will be accessible via Rails.application.credentials. For example:
# project/config/secrets.json
{ "some_secret": "key" }
will be accessible via Rails.application.credentials.some_secret or Rails.application.credentials[:some_secret] upon booting. JSON files are loaded once and contents are deep_merge'd into your app's existing Rails credentials.
To avoid subtle compatibility issues, if a credential already exists, an error will occur.
If you set the EJSON_RAILS_DELETE_SECRETS environment variable to true the gem will automatically delete the secrets from the filesystem after loading them into Rails. It will delete both paths (project/config/secrets.json and project/config/secrets.{current_rails_environment}.json) if the files exist and are writable.
NOTE: This gem does not decrypt ejson for you. You will need to configure this as part of your deployment pipeline.
Rails 7.1 has deprecated application secrets in favor of credentials. ejson-rails no longer writes to Rails secrets to avoid crashing given Rails 7.2 removal of the feature. See the README for the last version that supports secrets to read more about migrating: ejson-rails v0.2.2 – Migrating to credentials.
After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.
Bug reports and pull requests are welcome on GitHub at https://github.com/Shopify/ejson-rails.
The gem is available as open source under the terms of the MIT License.
FAQs
Unknown package
We found that ejson-rails demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
Product
Socket now supports Rust and Cargo, offering package search for all users and experimental SBOM generation for enterprise projects.