
History of Rails Secrets

Yuta Horii
October 31, 2018

Transcript

  1. @yutadayo • Yuta Horii • Former CTO, Fablic, inc • Organizer of Ebisu.rb
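  2. That said • Distributing .env with chef, ansible and the like… • Adding environment variables to the servers before a deploy… • Handing over access keys when more engineers join… • Unencrypted files have to be handled with care…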
  3. Encrypted secrets were added in Rails 5.1

    $ rails secrets:setup
    Adding config/secrets.yml.key to store the encryption key: 01234567890abcdefghijklmnopqrstu
    Save this in a password manager your team can access.
    If you lose the key, no one, including you, can access any encrypted secrets.
    create config/secrets.yml.key
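  4. Changes

    |                | Encrypted secrets (Rails)      | Credentials (Rails)               |
    |----------------|--------------------------------|-----------------------------------|
    | setup          | rails secrets:setup            |                                   |
    | edit           | rails secrets:edit             | rails credentials:edit            |
    | show           | rails secrets:show             | rails credentials:show            |
    | use            | Rails.application.secrets.xxxx | Rails.application.credentials.xxx |
    | encrypted file | config/secrets.yml.enc         | config/credentials.yml.enc        |
    | decrypt key    | config/secrets.yml.key         | config/master.key                 |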
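  5. Per-environment settings are not possible • secrets.yml can still be read through Rails.application.secrets • credentials.yml.enc can, more or less, be split into per-environment sections, but the env then has to be specified on every lookup • Rails.application.credentials[Rails.env.to_sym][:api_key] • This can also be solved with a gem • https://github.com/sinsoku/rails-env-credentials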
  6. $ EDITOR=vim bundle exec rails credentials:edit --environment staging
    Adding config/credentials/staging.key to store the encryption key: 01234567890abcdefghijklmnopqrstu
    Save this in a password manager your team can access.
    If you lose the key, no one, including you, can access anything encrypted with it.
    create config/credentials/staging.key
    Ignoring config/credentials/staging.key so it won't end up in Git
    append .gitignore
    File encrypted and saved.

    $ ls -l config/credentials
    staging.key staging.yml.enc
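  7. Result • A credentials directory is created, and a key and an encrypted file are generated for each environment • Each key is added to the .gitignore file • By changing the settings below, it appears you can specify where the key and the encrypted file are generated • config.credentials.content_path • config.credentials.key_path • The only environment variable is ENV["RAILS_MASTER_KEY"]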
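
An added example, not from the original deck: a Ruby check that lists key files at the locations the slides name (config/secrets.yml.key, config/master.key, config/credentials/<env>.key) which the project's .gitignore does not cover, for instance a key copied in by hand rather than generated by `rails credentials:edit`. The helper names, the simplified .gitignore matching and the sample project are assumptions made for illustration.

```ruby
require "tmpdir"
require "fileutils"

# Key file locations named in the slides, relative to the app root.
KEY_GLOBS = %w[config/secrets.yml.key config/master.key config/credentials/*.key].freeze

# Read .gitignore patterns, skipping blanks, comments and negations.
# Assumption: a simplified reader, not a full gitignore implementation.
def ignore_patterns(root)
  file = File.join(root, ".gitignore")
  return [] unless File.file?(file)
  File.readlines(file, chomp: true).map(&:strip)
      .reject { |line| line.empty? || line.start_with?("#", "!") }
end

# Simplified matching: patterns containing "/" are anchored at the app root,
# bare patterns match the file name in any directory.
def ignored?(rel_path, patterns)
  patterns.any? do |pat|
    if pat.include?("/")
      File.fnmatch?(pat.delete_prefix("/"), rel_path, File::FNM_PATHNAME)
    else
      File.fnmatch?(pat, File.basename(rel_path))
    end
  end
end

# Returns the key files under root that .gitignore does not cover.
def exposed_key_files(root)
  patterns = ignore_patterns(root)
  KEY_GLOBS.flat_map { |glob| Dir.glob(glob, base: root) }
           .reject { |rel| ignored?(rel, patterns) }
           .sort
end

# Constructed sample project: master and staging keys are ignored,
# the production key was added without a .gitignore entry.
def build_sample_app(root)
  FileUtils.mkdir_p(File.join(root, "config/credentials"))
  %w[config/master.key config/credentials/staging.key
     config/credentials/production.key].each do |rel|
    File.write(File.join(root, rel), "0" * 32) # placeholder, not a real key
  end
  File.write(File.join(root, ".gitignore"),
             "# keys\n/config/master.key\n/config/credentials/staging.key\n")
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |root|
    build_sample_app(root)
    puts exposed_key_files(root) # config/credentials/production.key
  end
end
```

A key that was already committed stays in the Git history even after it is added to .gitignore, so a hit from this check on a tracked file means the key has to be rotated.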