thekompanee
Unsecure
Why This Change Is Necessary
This implements an unsecure command to fix #77. It's currently at the hack 'n' slash stage of development and I haven't implemented any tests because the existing tests do not pass for me locally so what's the point.
That said, it does work on my own chamber secrets. I'm only posting here at this stage as an FYI for anyone that needs it or wants to work on it
- [] Bug Fix
- [x] New Feature
How These Changes Address the Issue
- Added a new
unsecurecommand to the runner so runningchamber unsecuredecrypts and saves all your settings files - A new Instance#unsecure command
- FileSet#unsecure
- File#decrypt
- Settings#encrypted and Settings#decrypted to return the encrypted and decrypted values
I don't love the name "unsecure" but I wanted to distinguish from "decrypt" because Chamber does decrypting all the time when a Rails app boots and "unsecuring" is a much more drastic action which persists the unencrypted settings. That said, I switched to "decrypt" in the Settings and File classes for reasons I can't remember.
Side Effects Caused By This Change
- [] This Causes a Breaking Change
- [x] This Does Not Cause Any Known Side Effects
Checklist
- [] I have run
rubocopagainst the codebase - [] I have added tests to cover my changes
- [] All new and existing tests passed
@ideasasylum I dig this. Thank you! It might be a bit before I get this into a release but it'll happen in the next couple months.
If anyone is curious, I verified the operation of this PR against my chamber settings using this Rails script:
def load_chamber rails_env, hostname
Chamber.load basepath: ::Rails.root.join("config"), namespaces: {environment: -> { rails_env }, hostname: -> { hostname }}
end
def export_chamber filename
puts filename
# puts Chamber.to_environment.awesome_inspect(plain: true, index: false)
File.open(filename, "w+") do |file|
file.puts Chamber.to_environment.awesome_inspect(plain: true, index: false)
end
end
def test_chamber rails_env, hostname = nil, file_prefix
load_chamber rails_env, hostname
export_chamber "#{file_prefix}_#{rails_env}_#{hostname}"
end
test_chamber "development", ARGV[0]
test_chamber "test", ARGV[0]
test_chamber "production", ARGV[0]
test_chamber "production", "myhost.com", ARGV[0]
test_chamber "production", "myotherhost.com", ARGV[0]
This loads Chamber with various namespaces like Rails environments and our custom "hostname" namespace. It exports the unencrypted secrets to files so you can then compare the secrets after you've unsecured them, or re-encrypted them with a different key
I ran it like:
bundle exec rails runner script/chamber_test.rb before
chamber unsecure
bundle exec rails runner script/chamber_test.rb after
and then I could diff the results like ksdiff before_production_myhost.com after_production_myhost.com
If anyone is curious, I verified the operation of this PR against my chamber settings using this Rails script:
@ideasasylum just so you know, chamber basically has this already built in. You can use both show and compare.
For your case you would use show with a namespace and --as-env, send that to a file. Then do the same after your changes. Then you can use a diff program to check differences.
Merged in f7e961b8bff8db9e687cbefea8cb226e7112c27f ! I needed to make some additional changes and add a bunch of tests but the bones were good and so I gave you commit credit. Thanks @ideasasylum and sorry this took so long!