From 5e604e55fd864406a920ad158b775ac6974a3831 Mon Sep 17 00:00:00 2001 From: Nick Dirschel Date: Tue, 1 Nov 2022 12:37:39 -0400 Subject: [PATCH 1/7] don't commit secrets --- .gitignore | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitignore b/.gitignore index 20572e75..e487039a 100644 --- a/.gitignore +++ b/.gitignore @@ -33,3 +33,7 @@ Guardfile # Ignore storage files /storage + +/config/master.key + +/config/credentials/production.key From 80d5934d17f8cb5aa7c9f825502bb9becd04d1e8 Mon Sep 17 00:00:00 2001 From: Nick Dirschel Date: Tue, 1 Nov 2022 12:37:44 -0400 Subject: [PATCH 2/7] credentials --- config/credentials/production.yml.enc | 1 + 1 file changed, 1 insertion(+) create mode 100644 config/credentials/production.yml.enc diff --git a/config/credentials/production.yml.enc b/config/credentials/production.yml.enc new file mode 100644 index 00000000..d2cb9ca0 --- /dev/null +++ b/config/credentials/production.yml.enc @@ -0,0 +1 @@ +wndMpPD1y4LCZGkFbnEnEdWSmJC2Hfrn5R7c5xrTVHAWtgP718++yZ7nwbK2Avdnj45ORWWqSoOjScp1RG4cDK1RTnqWA35hKm+3gNQtor9b6cFJ8myrO6v6lqH1sBDD3PGtaZo3uYQrc+WV7j9eTq7K+5Wntw4Pj5SGRpOvk0rgOXHrf1p+fy3m3OIBemiG4Qm3g6Y1oQ==--tTRICPu+Edju8MtK--upSvHt19To1nDQrOmTnO5w== \ No newline at end of file From 9f8303d6e279214af779fd5cb167be624db0de88 Mon Sep 17 00:00:00 2001 From: Nick Dirschel Date: Tue, 1 Nov 2022 12:39:24 -0400 Subject: [PATCH 3/7] add apostrophes --- config/credentials/production.yml.enc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/credentials/production.yml.enc b/config/credentials/production.yml.enc index d2cb9ca0..fed79494 100644 --- a/config/credentials/production.yml.enc +++ b/config/credentials/production.yml.enc 
@@ -1 +1 @@ -wndMpPD1y4LCZGkFbnEnEdWSmJC2Hfrn5R7c5xrTVHAWtgP718++yZ7nwbK2Avdnj45ORWWqSoOjScp1RG4cDK1RTnqWA35hKm+3gNQtor9b6cFJ8myrO6v6lqH1sBDD3PGtaZo3uYQrc+WV7j9eTq7K+5Wntw4Pj5SGRpOvk0rgOXHrf1p+fy3m3OIBemiG4Qm3g6Y1oQ==--tTRICPu+Edju8MtK--upSvHt19To1nDQrOmTnO5w== \ No newline at end of file +UkA00Eie7fXg8oiwhk4r3b1iEbMSAiekgZGszpEW4gPQ9EhV9s6OFxbZ37ri6GVfXMi9uwmSJbGkcGFoABmfUOYpIt+sbI+QzHIdWQ64cvHqVZR3bMwW+NAM2Qsg448UpGdKUzIUEi9TcrUJ5BKa7zljif7uBRywcZlSIxX0bYEYW1O8grxPCHamBMxM+RtDnO+LQVXLSFxa--rAIn70Sae683U31i--I1n2jdz7J+5rb1PsDF/W9Q== \ No newline at end of file From d9fc38a78f329aca46fda0912712fea4255e5c2b Mon Sep 17 00:00:00 2001 From: Nick Dirschel Date: Tue, 1 Nov 2022 12:42:57 -0400 Subject: [PATCH 4/7] use rails credentials --- config/deploy/production.rb | 1 - config/secrets.yml | 22 ---------------------- 2 files changed, 23 deletions(-) delete mode 100644 config/secrets.yml diff --git a/config/deploy/production.rb b/config/deploy/production.rb index ec8cf47e..e96e4db7 100644 --- a/config/deploy/production.rb +++ b/config/deploy/production.rb @@ -3,4 +3,3 @@ ssh_options: { forward_agent: false } set :bundle_env_variables, { 'NOKOGIRI_USE_SYSTEM_LIBRARIES' => 1 } -set :default_env, { 'SECRET_KEY_BASE' => 'NOT_A_REAL_SECRET_AND_THATS_OK' } diff --git a/config/secrets.yml b/config/secrets.yml deleted file mode 100644 index a9e556dd..00000000 --- a/config/secrets.yml +++ /dev/null 
@@ -1,22 +0,0 @@ -# Be sure to restart your server when you modify this file. - -# Your secret key is used for verifying the integrity of signed cookies. -# If you change this key, all old signed cookies will become invalid! - -# Make sure the secret is at least 30 characters and all random, -# no regular words or you'll be exposed to dictionary attacks. -# You can use `rake secret` to generate a secure secret key. - -# Make sure the secrets in this file are kept private -# if you're sharing your code publicly. - -development: - secret_key_base: 933798de41b016682c5cf5b5614ab424bd09e15fdcc6da79dff483c1f8e81d003fd1fe9df3e9f41eeb8a58fbf35841fc2b1a6631171979a4457d56d1c2f9a6a3 - -test: - secret_key_base: 8b8160ce20ca97f62798aefd420e2ab6468c380832864ecf57803b6448cafde5e338d2c1c436f25299a6256ffb7d8986f9c1a2f12317650e716018c8867dac8e - -# Do not keep production secrets in the repository, -# instead read values from the environment. -production: - secret_key_base: <%= ENV["SECRET_KEY_BASE"] %> From c88957bcca3f5e0c95db602c501da29bfc793d11 Mon Sep 17 00:00:00 2001 From: Nick Dirschel Date: Tue, 1 Nov 2022 12:43:42 -0400 Subject: [PATCH 5/7] add credentials to linked files --- config/deploy.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/deploy.rb b/config/deploy.rb index 9028188c..e74e642b 100644 --- a/config/deploy.rb +++ b/config/deploy.rb @@ -11,7 +11,8 @@ append :linked_files, 'config/application.yml', - 'config/database.yml' + 'config/database.yml', + 'config/credentials/production.yml.enc' append :linked_dirs, '.bundle', 'log', 'node_modules' From b6ae397782c2a2b16b51e197ed5da602cc556a56 Mon Sep 17 00:00:00 2001 From: Nick Dirschel Date: Tue, 1 Nov 2022 13:01:08 -0400 Subject: [PATCH 6/7] Update config/deploy.rb Co-authored-by: benmelz --- config/deploy.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/deploy.rb b/config/deploy.rb index e74e642b..02cf5305 100644 --- a/config/deploy.rb +++ b/config/deploy.rb 
@@ -12,7 +12,7 @@ append :linked_files, 'config/application.yml', 'config/database.yml', - 'config/credentials/production.yml.enc' + 'config/credentials/production.key' append :linked_dirs, '.bundle', 'log', 'node_modules' From f8333dfbccd3db4e4bad4ae5ff4378a17dd22950 Mon Sep 17 00:00:00 2001 From: Nick Dirschel Date: Tue, 1 Nov 2022 13:06:37 -0400 Subject: [PATCH 7/7] ben has ocd --- .gitignore | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index e487039a..74dee259 100644 --- a/.gitignore +++ b/.gitignore @@ -18,6 +18,7 @@ .DS_Store # Ignore application configuration +/config/credentials/production.key /config/application.yml /config/database.yml @@ -33,7 +34,3 @@ Guardfile # Ignore storage files /storage - -/config/master.key - -/config/credentials/production.key
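Review bot: In the `config/deploy.rb` hunk of [PATCH 6/7], `'config/credentials/production.key'` becomes a Capistrano linked file, but nothing in the hunk records that the key has to be provisioned out of band. Linked files are symlinked from the shared directory, so the key must already exist there on every server before the first deploy, and it should be readable only by the deploy user. I would add a comment above the entry, e.g. `# production.key is not in git: copy it to shared/config/credentials/ (mode 0600) before the first deploy`.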
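Review bot: The second `.gitignore` hunk of [PATCH 7/7] drops `/config/master.key` together with the relocated `production.key` entry, so after this series the default Rails key file is no longer covered by this file. If credentials are later edited without an environment and a `config/master.key` appears, nothing here would stop it being staged. I would keep `/config/master.key` next to the new entry in the first hunk and widen that entry to `/config/credentials/*.key` so keys for other environments are covered as well. Ignore rules do not untrack files, so if either key had been committed before [PATCH 1/7] it would still need `git rm --cached` and rotation; nothing visible here indicates that it was.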