Added a way to group common secrets at one place in secrets.yml

- Earlier, if there were common secrets under all environments then they had to be duplicated under each environment in `config/secrets.yml`. - This commit adds a way to specify them under `common` key such that they will be loaded in all environments. - Environment specific secrets will override the common secrets if they are present under both sections.
rails · Apr 25, 2015 · 45eba60 · 45eba60
1 parent 5d6b543
commit 45eba60
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 0 deletions.
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md
@@ -1,3 +1,9 @@
+*   Add a way to specify common secrets in `config/secrets.yml` which
+    will be loaded in all environments. Environment specific secrets
+    will override common secrets.
+
+    *Prathamesh Sonpatki*
+
 *   Remove sqlite support from `rails dbconsole`.
 
     *Andrew White*

diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb
@@ -391,6 +391,8 @@ def secrets
           require "erb"
           all_secrets = YAML.load(ERB.new(IO.read(yaml)).result) || {}
           env_secrets = all_secrets[Rails.env]
+          common_secrets = all_secrets['common']
+          secrets.merge!(common_secrets.symbolize_keys) if common_secrets
           secrets.merge!(env_secrets.symbolize_keys) if env_secrets
         end
 

diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
@@ -521,6 +521,32 @@ def index
       end
     end
 
+    test "secrets common to all environments can be specified in secrets.yml" do
+      app_file 'config/secrets.yml', <<-YAML
+        common:
+          foo_api_token: 1234567
+      YAML
+
+      require "#{app_path}/config/environment"
+
+      assert_equal 1234567, app.secrets.foo_api_token
+    end
+
+    test "environment specific secrets override common secrets" do
+      app_file 'config/secrets.yml', <<-YAML
+        common:
+          foo_api_token: 1234567
+        production:
+          foo_api_token: 99999999
+      YAML
+
+      with_rails_env "production" do
+        require "#{app_path}/config/environment"
+      end
+
+      assert_equal 99999999, app.secrets.foo_api_token
+    end
+
     test "protect from forgery is the default in a new app" do
       make_basic_app