Skip to content

Commit e530534

Browse files
author
David Heinemeier Hansson
committed
Added a shared section to config/secrets.yml that will be loaded for all environments
1 parent 85ee483 commit e530534

File tree

4 files changed

+46
-3
lines changed

4 files changed

+46
-3
lines changed

railties/CHANGELOG.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,2 +1,7 @@
1+
## Rails 5.1.0.alpha ##
2+
3+
* Added a shared section to config/secrets.yml that will be loaded for all environments.
4+
5+
*DHH*
16

27
Please check [5-0-stable](https://github.com/rails/rails/blob/5-0-stable/railties/CHANGELOG.md) for previous changes.

railties/lib/rails/application.rb

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -385,11 +385,16 @@ def config=(configuration) #:nodoc:
385385
def secrets
386386
@secrets ||= begin
387387
secrets = ActiveSupport::OrderedOptions.new
388-
yaml = config.paths["config/secrets"].first
388+
yaml = config.paths["config/secrets"].first
389+
389390
if File.exist?(yaml)
390391
require "erb"
391-
all_secrets = YAML.load(ERB.new(IO.read(yaml)).result) || {}
392-
env_secrets = all_secrets[Rails.env]
392+
393+
all_secrets = YAML.load(ERB.new(IO.read(yaml)).result) || {}
394+
shared_secrets = all_secrets['shared']
395+
env_secrets = all_secrets[Rails.env]
396+
397+
secrets.merge!(shared_secrets.symbolize_keys) if shared_secrets
393398
secrets.merge!(env_secrets.symbolize_keys) if env_secrets
394399
end
395400

railties/lib/rails/generators/rails/app/templates/config/secrets.yml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,13 @@
1010
# Make sure the secrets in this file are kept private
1111
# if you're sharing your code publicly.
1212

13+
# Shared secrets are available across all environments.
14+
15+
shared:
16+
api_key: 123
17+
18+
# Environmental secrets are only available for that specific environment.
19+
1320
development:
1421
secret_key_base: <%= app_secret %>
1522

@@ -18,5 +25,6 @@ test:
1825

1926
# Do not keep production secrets in the repository,
2027
# instead read values from the environment.
28+
2129
production:
2230
secret_key_base: <%%= ENV["SECRET_KEY_BASE"] %>

railties/test/application/configuration_test.rb

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -555,6 +555,31 @@ def index
555555
assert_equal 'myamazonsecretaccesskey', app.secrets.aws_secret_access_key
556556
end
557557

558+
test "shared secrets saved in config/secrets.yml are loaded in app secrets" do
559+
app_file 'config/secrets.yml', <<-YAML
560+
shared:
561+
api_key: 3b7cd727
562+
YAML
563+
564+
app 'development'
565+
566+
assert_equal '3b7cd727', app.secrets.api_key
567+
end
568+
569+
test "shared secrets will yield to environment specific secrets" do
570+
app_file 'config/secrets.yml', <<-YAML
571+
shared:
572+
api_key: 3b7cd727
573+
574+
development:
575+
api_key: abc12345
576+
YAML
577+
578+
app 'development'
579+
580+
assert_equal 'abc12345', app.secrets.api_key
581+
end
582+
558583
test "blank config/secrets.yml does not crash the loading process" do
559584
app_file 'config/secrets.yml', <<-YAML
560585
YAML

0 commit comments

Comments
 (0)