From 0d51d902b5be66471cc585c2a995eeebb0bf4c31 Mon Sep 17 00:00:00 2001 From: Marc Qualie Date: Thu, 1 Oct 2020 20:54:37 +0100 Subject: [PATCH] Use Diffcrypt::File as the storage for rails helper --- .../rails/encrypted_configuration.rb | 20 ++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/lib/diffcrypt/rails/encrypted_configuration.rb b/lib/diffcrypt/rails/encrypted_configuration.rb index fe7dba6..41c304f 100644 --- a/lib/diffcrypt/rails/encrypted_configuration.rb +++ b/lib/diffcrypt/rails/encrypted_configuration.rb @@ -9,6 +9,8 @@ require 'active_support/core_ext/module/delegation' require 'active_support/core_ext/object/inclusion' +require 'diffcrypt/file' + module Diffcrypt module Rails class EncryptedConfiguration @@ -24,15 +26,10 @@ def initialize(config_path:, key_path:, env_key:, raise_if_missing_key:) @content_path = Pathname.new(::File.absolute_path(config_path)).yield_self do |path| path.symlink? ? path.realpath : path end + @diffcrypt_file = Diffcrypt::File.new(@content_path) @key_path = Pathname.new(key_path) @env_key = env_key @raise_if_missing_key = raise_if_missing_key - - # TODO: Use Diffcrypt::File to ensure correct cipher is used - @active_support_encryptor = ActiveSupport::MessageEncryptor.new( - [key].pack('H*'), - cipher: Encryptor::DEFAULT_CIPHER, - ) end # Determines if file is using the diffable format, or still @@ -108,9 +105,18 @@ def decrypt(contents) end end + # Rails applications with an existing credentials file, the inbuilt active support encryptor should be used + # @return [ActiveSupport::MessageEncryptor] + def active_support_encryptor + @active_support_encryptor = ActiveSupport::MessageEncryptor.new( + [key].pack('H*'), + cipher: @diffcrypt_file.cipher, + ) + end + # @return [Encryptor] def encryptor - @encryptor ||= Encryptor.new key + @encryptor ||= Encryptor.new key, cipher: @diffcrypt_file.cipher end def read_env_key