From d7d064984f05fcad1b7019f026e174cfbb1cf94e Mon Sep 17 00:00:00 2001
From: Jacopo <beschi.jacopo@gmail.com>
Date: Fri, 19 Sep 2025 16:08:10 +0200
Subject: [PATCH] Config: Switch to encrypted credentials

And fix missing "%" in the `connect_to_development_server` template key.
---
 README.md                                      | 18 +++++++++---------
 .../install/templates/config/push.yml.tt       | 10 ++++++----
 test/dummy/config/push.yml                     |  8 +++++---
 3 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/README.md b/README.md
index 0875aa6..23a394e 100644
--- a/README.md
+++ b/README.md
@@ -75,8 +75,8 @@ shared:
   apple:
     # Token auth params
     # See https://developer.apple.com/documentation/usernotifications/establishing-a-token-based-connection-to-apns
-    key_id: your_key_id
-    encryption_key: your_apple_encryption_key
+    key_id: <%= Rails.application.credentials.dig(:action_push_native, :apns, :key_id) %>
+    encryption_key: <%= Rails.application.credentials.dig(:action_push_native, :apns, :encryption_key) %>
 
     team_id: your_apple_team_id
     # Your identifier found on https://developer.apple.com/account/resources/identifiers/list
@@ -85,7 +85,7 @@ shared:
   google:
     # Your Firebase project service account credentials
     # See https://firebase.google.com/docs/cloud-messaging/auth-server
-    encryption_key: your_service_account_json_file
+    encryption_key: <%= Rails.application.credentials.dig(:action_push_native, :fcm, :encryption_key) %>
 
     # Firebase project_id
     project_id: your_project_id
@@ -130,16 +130,16 @@ shared:
     calendar:
       # Token auth params
       # See https://developer.apple.com/documentation/usernotifications/establishing-a-token-based-connection-to-apns
-      key_id: calendar_key_id
-      encryption_key: calendar_apple_encryption_key
+      key_id: <%= Rails.application.credentials.dig(:action_push_native, :apns, :calendar, :key_id) %>
+      encryption_key: <%= Rails.application.credentials.dig(:action_push_native, :apns, :calendar, :encryption_key) %>
       # Your identifier found on https://developer.apple.com/account/resources/identifiers/list
       topic: calendar.bundle.identifier
 
     email:
       # Token auth params
       # See https://developer.apple.com/documentation/usernotifications/establishing-a-token-based-connection-to-apns
-      key_id: email_key_id
-      encryption_key: email_apple_encryption_key
+      key_id: <%= Rails.application.credentials.dig(:action_push_native, :apns, :email, :key_id) %>
+      encryption_key: <%= Rails.application.credentials.dig(:action_push_native, :apns, :email, :encryption_key) %>
       # Your identifier found on https://developer.apple.com/account/resources/identifiers/list
       topic: email.bundle.identifier
 
@@ -147,7 +147,7 @@ shared:
     calendar:
       # Your Firebase project service account credentials
       # See https://firebase.google.com/docs/cloud-messaging/auth-server
-      encryption_key: calendar_service_account_json_file
+      encryption_key: <%= Rails.application.credentials.dig(:action_push_native, :fcm, :calendar, :encryption_key) %>
 
       # Firebase project_id
       project_id: calendar_project_id
@@ -155,7 +155,7 @@ shared:
     email:
       # Your Firebase project service account credentials
       # See https://firebase.google.com/docs/cloud-messaging/auth-server
-      encryption_key: email_service_account_json_file
+      encryption_key: <%= Rails.application.credentials.dig(:action_push_native, :fcm, :email, :encryption_key) %>
 
       # Firebase project_id
       project_id: email_project_id
diff --git a/lib/generators/action_push_native/install/templates/config/push.yml.tt b/lib/generators/action_push_native/install/templates/config/push.yml.tt
index 00bc4dd..80dfdbe 100644
--- a/lib/generators/action_push_native/install/templates/config/push.yml.tt
+++ b/lib/generators/action_push_native/install/templates/config/push.yml.tt
@@ -1,9 +1,10 @@
 shared:
+  # Use bin/rails credentials:edit to set the apns secrets (as action_push_native:apns:key_id|encryption_key)
   apple:
     # Token auth params
     # See https://developer.apple.com/documentation/usernotifications/establishing-a-token-based-connection-to-apns
-    key_id: your_key_id
-    encryption_key: your_apple_encryption_key
+    key_id: <%%= Rails.application.credentials.dig(:action_push_native, :apns, :key_id) %>
+    encryption_key: <%%= Rails.application.credentials.dig(:action_push_native, :apns, :encryption_key) %>
 
     team_id: your_apple_team_id
     # Your identifier found on https://developer.apple.com/account/resources/identifiers/list
@@ -20,12 +21,13 @@ shared:
     # Please note that anything built directly from Xcode and loaded on your phone will have
     # the app generate DEVELOPMENT tokens, while everything else (TestFlight, Apple Store, ...)
     # will be considered as PRODUCTION environment.
-    # connect_to_development_server: <%# Rails.env.development? %>
+    # connect_to_development_server: <%%# Rails.env.development? %>
 
+  # Use bin/rails credentials:edit to set the fcm secrets (as action_push_native:fcm:encryption_key)
   google:
     # Your Firebase project service account credentials
     # See https://firebase.google.com/docs/cloud-messaging/auth-server
-    encryption_key: your_service_account_json_file
+    encryption_key: <%%= Rails.application.credentials.dig(:action_push_native, :fcm, :encryption_key) %>
 
     # Firebase project_id
     project_id: your_project_id
diff --git a/test/dummy/config/push.yml b/test/dummy/config/push.yml
index f08a60e..1c42b05 100644
--- a/test/dummy/config/push.yml
+++ b/test/dummy/config/push.yml
@@ -1,9 +1,10 @@
 shared:
+  # Use bin/rails credentials:edit to set the apns secrets (as action_push_native:apns:key_id|encryption_key)
   apple:
     # Token auth params
     # See https://developer.apple.com/documentation/usernotifications/establishing-a-token-based-connection-to-apns
-    key_id: your_key_id
-    encryption_key: your_apple_encryption_key
+    key_id: <%= Rails.application.credentials.dig(:action_push_native, :apns, :key_id) %>
+    encryption_key: <%= Rails.application.credentials.dig(:action_push_native, :apns, :encryption_key) %>
 
     team_id: your_apple_team_id
     # Your identifier found on https://developer.apple.com/account/resources/identifiers/list
@@ -22,10 +23,11 @@ shared:
     # will be considered as PRODUCTION environment.
     # connect_to_development_server: <%# Rails.env.development? %>
 
+  # Use bin/rails credentials:edit to set the fcm secrets (as action_push_native:fcm:encryption_key)
   google:
     # Your Firebase project service account credentials
     # See https://firebase.google.com/docs/cloud-messaging/auth-server
-    encryption_key: your_service_account_json_file
+    encryption_key: <%= Rails.application.credentials.dig(:action_push_native, :fcm, :encryption_key) %>
 
     # Firebase project_id
     project_id: your_project_id