The History of Rails Secrets

yuta horii
October 31, 2018


Transcript

  1. 2.

    @yutadayo • 堀井 雄太 (Yuta Horii) • Former CTO of Fablic, inc • Organizer of Ebisu.rb
  2. 6.

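    That said
    • Distributing .env with chef, ansible, etc.…
    • Adding environment variables to the servers before deploying…
    • Handing over access keys when new engineers join…
    • Unencrypted files have to be handled with care…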
  3. 7.
  4. 9.
  5. 11.
  6. 12.
  7. 13.

    Encrypted secrets were added in Rails 5.1

    $ rails secrets:setup
    Adding config/secrets.yml.key to store the encryption key: 01234567890abcdefghijklmnopqrstu
    Save this in a password manager your team can access.
    If you lose the key, no one, including you, can access any encrypted secrets.
    create config/secrets.yml.key
  8. 15.
  9. 16.
  10. 17.
  11. 20.

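    Changes

    |                | Encrypted secrets (Rails 5.1)  | Credentials (Rails 5.2)           |
    |----------------|--------------------------------|-----------------------------------|
    | setup          | rails secrets:setup            |                                   |
    | edit           | rails secrets:edit             | rails credentials:edit            |
    | show           | rails secrets:show             | rails credentials:show            |
    | use            | Rails.application.secrets.xxxx | Rails.application.credentials.xxx |
    | encrypted file | config/secrets.yml.enc         | config/credentials.yml.enc        |
    | decrypt key    | config/secrets.yml.key         | config/master.key                 |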
  12. 23.

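    Per-environment settings are not possible
    • secrets.yml can still be read through Rails.application.secrets
    • Splitting credentials.yml.enc into per-environment sections does work, more or less, but the env has to be specified on every lookup
    • Rails.application.credentials[Rails.env.to_sym][:api_key]
    • This can also be solved with a gem
    • https://github.com/sinsoku/rails-env-credentials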
  13. 27.

    $ EDITOR=vim bundle exec rails credentials:edit --environment staging
    Adding config/credentials/staging.key to store the encryption key: 01234567890abcdefghijklmnopqrstu
    Save this in a password manager your team can access.
    If you lose the key, no one, including you, can access anything encrypted with it.
    create config/credentials/staging.key
    Ignoring config/credentials/staging.key so it won't end up in Git
    append .gitignore
    File encrypted and saved.
    $ ls -l config/credentials
    staging.key staging.yml.enc
  14. 28.

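    Result
    • A credentials directory is created, and a key and an encrypted file are generated for each environment
    • Each key is added to the .gitignore file
    • Changing the settings below apparently lets you specify where the key and the encrypted file are generated
    • config.credentials.content_path
    • config.credentials.key_path
    • The only environment variable is ENV["RAILS_MASTER_KEY"]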
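
The slides note that each environment's key is added to .gitignore. As an added example (not code from the original deck), this Ruby script lists the key files named on the slides that exist in an app directory but are not covered by its .gitignore. The .gitignore matching is a simplified assumption, and the sample tree and key contents are constructed.

```ruby
require "tmpdir"
require "fileutils"

# Key files named on the slides (paths relative to the Rails app root).
KEY_GLOBS = ["config/master.key", "config/secrets.yml.key", "config/credentials/*.key"].freeze

# Simplified .gitignore matching (assumption: no negation, no directory-only
# patterns, no nested .gitignore files).
def ignored?(rel_path, patterns)
  patterns.any? do |pat|
    if pat.include?("/")
      # A pattern containing a slash is anchored at the repository root.
      File.fnmatch?(pat.delete_prefix("/"), rel_path, File::FNM_PATHNAME)
    else
      # A bare pattern such as "*.key" matches the file name at any depth.
      File.fnmatch?(pat, File.basename(rel_path))
    end
  end
end

# Returns the key files that exist under app_root but are not ignored by Git.
def unprotected_keys(app_root)
  gitignore = File.join(app_root, ".gitignore")
  lines = File.exist?(gitignore) ? File.readlines(gitignore, chomp: true) : []
  patterns = lines.map(&:strip).reject { |l| l.empty? || l.start_with?("#", "!") }
  Dir.chdir(app_root) do
    KEY_GLOBS.flat_map { |g| Dir.glob(g) }.sort.reject { |p| ignored?(p, patterns) }
  end
end

# Constructed sample tree: only staging.key is listed in .gitignore.
def demo
  Dir.mktmpdir do |root|
    FileUtils.mkdir_p(File.join(root, "config/credentials"))
    %w[config/master.key config/credentials/staging.key config/credentials/production.key].each do |f|
      File.write(File.join(root, f), "constructed-placeholder-key")
    end
    File.write(File.join(root, ".gitignore"), "# keys\n/config/credentials/staging.key\n")
    unprotected_keys(root)
  end
end

puts demo if __FILE__ == $PROGRAM_NAME
```

In a real repository, `git check-ignore` gives the authoritative answer for each path; the matcher here only covers the anchored and bare patterns shown.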