Don't show contents for EncryptedConfiguration#inspect #48498

Merged
merged 1 commit into from
Jun 16, 2023


@p8 p8 commented Jun 16, 2023

If anyone calls Rails.application.credentials in the console it will show the unencrypted contents of the credentials.

By overriding the inspect method to only show the class name we can avoid accidentally outputting sensitive information.

Before:

```ruby
Rails.application.credentials.inspect
"#<ActiveSupport::EncryptedConfiguration:0x000000010d2b38e8 ...
    @config={:secret=>\"something secret\"} ...
    @key_file_contents=\"915e4ea054e011022398dc242\" ...>"
```

After:

```ruby
Rails.application.credentials.inspect
"#<ActiveSupport::EncryptedConfiguration:0x000000010d2b38e8>"
```

Checklist

Before submitting the PR make sure the following are checked:

  • This Pull Request is related to one change. Changes that are unrelated should be opened in separate PRs.
  • Commit message has a detailed description of what changed and why. If this PR fixes a related issue include it in the commit message. Ex: [Fix #issue-number]
  • Tests are added or updated if you fix a bug or add a feature.
  • CHANGELOG files are updated for the changed libraries if there is a behavior change or additional feature. Minor bug fixes and documentation changes should not be included.

@p8 p8 force-pushed the activesupport/inspect-encrypted-config branch from 055ba43 to 49b1341 Compare June 16, 2023 09:50
If anyone calls `Rails.application.credentials` in the console it will
show the unencrypted contents of the credentials.

By overriding the `inspect` method to only show the class name we can
avoid accidentally outputting sensitive information.

Before:
```ruby
Rails.application.credentials.inspect
"#<ActiveSupport::EncryptedConfiguration:0x000000010d2b38e8 ... @config={:secret=>\"something secret\"} ... @key_file_contents=\"915e4ea054e011022398dc242\" ...>"
```

After:
```ruby
Rails.application.credentials.inspect
"#<ActiveSupport::EncryptedConfiguration:0x000000010d2b38e8>"
```
@p8 p8 force-pushed the activesupport/inspect-encrypted-config branch from 49b1341 to 7ecd72e Compare June 16, 2023 13:36
@eileencodes eileencodes merged commit 5f4f916 into rails:main Jun 16, 2023
9 checks passed
@p8 p8 deleted the activesupport/inspect-encrypted-config branch June 16, 2023 19:58
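
An added illustration, not code from this pull request or from Rails, of the leak described above: Ruby's default `inspect` renders every instance variable, so the secret also surfaces when the object sits inside a hash, another object, or an interpolated array. The classes `LeakyStore`, `RedactedStore`, `Wrapper` and the sample values are hypothetical.

```ruby
# Added example; hypothetical classes, not ActiveSupport::EncryptedConfiguration.
class LeakyStore
  def initialize(config, key_file_contents)
    @config = config
    @key_file_contents = key_file_contents
  end
end

class RedactedStore < LeakyStore
  # Show only the class name and an object identifier, never the ivars.
  def inspect
    format("#<%s:%#016x>", self.class.name, object_id << 1)
  end
end

# Container with the default Object#inspect, which inspects each ivar.
class Wrapper
  def initialize(store)
    @store = store
  end
end

# Constructed sample values.
SAMPLE_CONFIG = { secret: "something secret" }.freeze
SAMPLE_KEY = "constructed-key-0000"

def leaks?(text)
  text.include?(SAMPLE_CONFIG[:secret]) || text.include?(SAMPLE_KEY)
end

# Render the store the ways a console or log line typically would.
def audit(store)
  {
    direct: leaks?(store.inspect),
    in_hash: leaks?({ creds: store }.inspect),
    in_wrapper: leaks?(Wrapper.new(store).inspect),
    in_message: leaks?("loaded #{[store]}")
  }
end

# The override only changes rendering; the data is still reachable on purpose.
def still_readable?(store)
  store.instance_variable_get(:@config)[:secret] == SAMPLE_CONFIG[:secret]
end

[LeakyStore, RedactedStore].each do |klass|
  store = klass.new(SAMPLE_CONFIG, SAMPLE_KEY)
  puts "#{klass}: #{audit(store)} readable=#{still_readable?(store)}"
end
```

The override guards against accidental output only; anything that reads the instance variables directly still sees the plaintext.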