Are the Python analogs of encrypted credentials Rails feature?
Quote from Rails Guides on subject:
Rails stores secrets in
config/credentials.yml.enc, which is encrypted and hence cannot be edited directly. Rails usesconfig/master.keyor alternatively looks for the environment variableENV["RAILS_MASTER_KEY"]to encrypt the credentials file. Because the credentials file is encrypted, it can be stored in version control, as long as the master key is kept safe.
To edit the credentials file, run
bin/rails credentials:edit. This command will create the credentials file if it does not exist. Additionally, this command will createconfig/master.keyif no master key is defined.Secrets kept in the credentials file are accessible via
Rails.application.credentials.
My idea is:
- to have all the secrets encrypted in repository;
- to have locally only
master.key(or only one env variable); - to once pass manually to production server
master.key; - then pass other secrets by git through automated deployment process.
No comments:
Post a Comment