railties/lib/rails/generators/rails/credentials/credentials_generator.rb
# frozen_string_literal: true
require "rails/generators/base"
require "rails/generators/rails/master_key/master_key_generator"
require "active_support/encrypted_configuration"
module Rails
module Generators
class CredentialsGenerator < Base # :nodoc:
argument :content_path, default: "config/credentials.yml.enc"
argument :key_path, default: "config/master.key"
class_option :skip_secret_key_base, type: :boolean
def add_credentials_file
in_root do
return if File.exist?(content_path)
say "Adding #{content_path} to store encrypted credentials."
say ""
content = render_template_to_encrypted_file
say "The following content has been encrypted with the Rails master key:"
say ""
say content, :on_green
say ""
say "You can edit encrypted credentials with `bin/rails credentials:edit`."
say ""
end
end
private
def encrypted_file
ActiveSupport::EncryptedConfiguration.new(
config_path: content_path,
key_path: key_path,
env_key: "RAILS_MASTER_KEY",
raise_if_missing_key: true
)
end
def secret_key_base
@secret_key_base ||= SecureRandom.hex(64)
end
def render_template_to_encrypted_file
empty_directory File.dirname(content_path)
content = nil
encrypted_file.change do |tmp_path|
template("credentials.yml", tmp_path, force: true, verbose: false) do |rendered|
content = rendered
end
end
content
end
end
end
end