Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

secret_broker

Package Overview
Dependencies
Maintainers
1
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

secret_broker

  • 0.1.0
  • Rubygems
  • Socket score

Version published
Maintainers
1
Created
Source

SecretBroker

See the usage section for more details

Installation

Add this line to your application's Gemfile:

gem 'secret_broker'

And then execute:

$ bundle

Or install it yourself as:

$ gem install secret_broker

After installing the gem you can run the installation rake task which sets up staging and production ejson files with public keys. Command:

$ bundle exec rake secret_broker:install_secrets

Working with Secrets/Usage

Overview

We use EJSON to store secrets for remote environments in the git repo. EJSON encrypts secrets so they are not stored in plaintext. EJSON files are stored in config/secrets/environment.ejson. EJSON is only used in remote environments. Secrets from EJSON are decrypted when the app boots.

Accessing Secrets in the Application

All application secrets should come from Rails.application.secrets.secret_key which is loaded from config/secrets/yml. Since Rails.application.secrets.secret_key is cumbersome to write, you can also write Secrets.secret_key.

Modifying Secrets

Local Environment

Open up config/secrets.yml and change the secret you want to change.

Remote Environment

Open up the EJSON file for the environment you want to change the secret for. Find the key for the secret you want to change. Replace the encrypted value with the plaintext value. Run ejson encrypt environment.ejson. Then add and commit the file.

Example scenario: I want to change the production database password.

Open config/secrets/production.ejson. It looks like:

{
  "_public_key": "some_value",
  "some_secret_key: "ENCRYPTED_VALUE",
  "database_password": "ENCRYPTED_OLD_PASSWORD",
  "some_other_secret_key: "ENCRYPTED_VALUE"
}

Modify the file with the new password. It looks like:

{
  "_public_key": "some_value",
  "some_secret_key: "ENCRYPTED_VALUE",
  "database_password": "new_plaintext_pa$$w0rd",
  "some_other_secret_key: "ENCRYPTED_VALUE"
}

Run ejson encrypt production.ejson. It looks like:

{
  "_public_key": "some_value",
  "some_secret_key: "ENCRYPTED_VALUE",
  "database_password": "ENCRYPTED_NEW_PASSWORD",
  "some_other_secret_key: "ENCRYPTED_VALUE"
}

Run git add config/secrets/production.ejson && git commit -m "Updated production database password.

References

EJSON gem on Github

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

FAQs

Package last updated on 01 Sep 2016

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc