
The History of Rails Secrets

Yuta Horii
October 31, 2018


Transcript

  1. @yutadayo
     • Yuta Horii
     • Former CTO of Fablic, inc
     • Organizer of Ebisu.rb
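  2. That said
     • Distributing .env with chef, ansible and the like…
     • Adding environment variables to the servers before a deploy…
     • Handing over access keys when more engineers join…
     • Unencrypted files have to be handled with care…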
  3. Encrypted secrets added in Rails 5.1

     $ rails secrets:setup
     Adding config/secrets.yml.key to store the encryption key: 01234567890abcdefghijklmnopqrstu
     Save this in a password manager your team can access.
     If you lose the key, no one, including you, can access any encrypted secrets.
     create config/secrets.yml.key
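  4. Changes

     |                | Encrypted secrets (Rails)      | Credentials (Rails)               |
     |----------------|--------------------------------|-----------------------------------|
     | setup          | rails secrets:setup            |                                   |
     | edit           | rails secrets:edit             | rails credentials:edit            |
     | show           | rails secrets:show             | rails credentials:show            |
     | use            | Rails.application.secrets.xxxx | Rails.application.credentials.xxx |
     | encrypted file | config/secrets.yml.enc         | config/credentials.yml.enc        |
     | decrypt key    | config/secrets.yml.key         | config/master.key                 |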
  5. Per-environment settings are not possible
     • secrets.yml can still be read through Rails.application.secrets
     • credentials.yml.enc can, after a fashion, be written per environment, but the env has to be specified on every lookup
     • Rails.application.credentials[Rails.env.to_sym][:api_key]
     • This can also be solved with a gem
     • https://github.com/sinsoku/rails-env-credentials
  6. $ EDITOR=vim bundle exec rails credentials:edit --environment staging
     Adding config/credentials/staging.key to store the encryption key: 01234567890abcdefghijklmnopqrstu
     Save this in a password manager your team can access.
     If you lose the key, no one, including you, can access anything encrypted with it.
     create config/credentials/staging.key
     Ignoring config/credentials/staging.key so it won't end up in Git
     append .gitignore
     File encrypted and saved.

     $ ls -l config/credentials
     staging.key staging.yml.enc
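  7. Result
     • A credentials directory is created, and a key and an encrypted file are generated for each environment
     • Each key is added to the .gitignore file
     • It appears that changing the settings below lets you specify where the key and the encrypted file are generated
     • config.credentials.content_path
     • config.credentials.key_path
     • The only environment variable is ENV["RAILS_MASTER_KEY"]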
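
An added example, not part of the original deck: a small Ruby check that lists the key files named on the slides (config/secrets.yml.key, config/master.key, config/credentials/*.key) that .gitignore does not cover. The helper names, the simplified .gitignore matching and the sample tree are assumptions constructed for illustration.

```ruby
require "tmpdir"
require "fileutils"

# Key files named on the slides; none of them should ever reach Git.
KEY_GLOBS = ["config/master.key", "config/secrets.yml.key",
             "config/credentials/*.key"].freeze

# Simplified .gitignore matching (assumption: no "!" negation rules, no
# directory-only patterns, no nested .gitignore files). A pattern containing
# "/" is matched against the path relative to the app root; a bare pattern
# is matched against the basename.
def ignored?(path, patterns)
  patterns.any? do |pattern|
    pattern = pattern.sub(%r{\A/}, "")
    if pattern.include?("/")
      File.fnmatch?(pattern, path, File::FNM_PATHNAME)
    else
      File.fnmatch?(pattern, File.basename(path))
    end
  end
end

# Returns the key files under +root+ that .gitignore does not cover.
def unignored_key_files(root)
  gitignore = File.join(root, ".gitignore")
  lines = File.exist?(gitignore) ? File.readlines(gitignore, chomp: true) : []
  patterns = lines.map(&:strip).reject { |l| l.empty? || l.start_with?("#") }
  found = KEY_GLOBS.flat_map { |glob| Dir.glob(glob, base: root) }
  found.sort.reject { |path| ignored?(path, patterns) }
end

# Constructed sample tree: production.key was created but never ignored.
def demo
  Dir.mktmpdir do |root|
    FileUtils.mkdir_p(File.join(root, "config/credentials"))
    %w[config/master.key config/credentials/staging.key
       config/credentials/production.key
       config/credentials/staging.yml.enc].each do |file|
      File.write(File.join(root, file), "constructed")
    end
    File.write(File.join(root, ".gitignore"),
               "# constructed\n/config/master.key\n/config/credentials/staging.key\n")
    unignored_key_files(root)
  end
end

puts demo if __FILE__ == $PROGRAM_NAME
```

Calling `unignored_key_files(".")` from an application root applies the same check to a real tree; any path it returns is a key that a `git add` could pick up.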