From b5afc0cf9db8d50d1d95fc2c2fe8b451f8825b46 Mon Sep 17 00:00:00 2001
From: Star Rauchenberger <fefferburbia@gmail.com>
Date: Sat, 7 Dec 2024 13:31:31 -0500
Subject: Moved secret base, Akismet, Sendgrid, and database keys into
credentials
---
.gitattributes | 4 ++++
.gitignore | 5 ++++-
config/akismet.yml | 6 ------
config/credentials.yml.enc | 1 +
config/credentials/production.yml.enc | 1 +
config/database.yml | 31 +++++++++++++++++++++++++++++++
config/deploy.rb | 2 +-
config/environments/production.rb | 5 -----
config/initializers/akismet.rb | 4 ++--
config/mail.yml | 12 ++++++------
config/secrets.yml | 32 --------------------------------
11 files changed, 50 insertions(+), 53 deletions(-)
create mode 100644 .gitattributes
delete mode 100644 config/akismet.yml
create mode 100644 config/credentials.yml.enc
create mode 100644 config/credentials/production.yml.enc
create mode 100644 config/database.yml
delete mode 100644 config/secrets.yml
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..460321f
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,4 @@
+db/schema linguist-generated
+
+config/credentials/*.yml.enc diff=rails_credentials
+config/credentials.yml.enc diff=rails_credentials
diff --git a/.gitignore b/.gitignore
index 7e4fe23..3ddb969 100644
--- a/.gitignore
+++ b/.gitignore
@@ -27,7 +27,10 @@ tags
.DS_Store
*.swo
/public/uploads
-config/database.yml
/storage
misc
+
+/config/master.key
+
+/config/credentials/production.key
diff --git a/config/akismet.yml b/config/akismet.yml
deleted file mode 100644
index 581aa7b..0000000
--- a/config/akismet.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-production:
- api_key: ""
- app_url: ""
-development:
- api_key: ""
- app_url: ""
diff --git a/config/credentials.yml.enc b/config/credentials.yml.enc
new file mode 100644
index 0000000..90d7ee5
--- /dev/null
+++ b/config/credentials.yml.enc
@@ -0,0 +1 @@
+KrLA+ftWWLuC9JQBmExf5RXFOqp9q+CZCY6DJ8d0sgVUQXxcDToVqntxRRsqrTHvJ48xmRUgA4OmXUI1ZE3JtJQOuRmQHJf3bMtSlXDOzQTgNeIyzH3++Kcss3dIeM2+gnT8wxE2y6Tj2+KyB4tJGMeX1elSFK41rGz4zQzYVva3MVNKUmD1wV9p28sxtUSkDbiFxa2tDLGddor3Nqf7n4nuBLxpU4G1b7lhsAAQ4MYALvll0q3Uk54vEqyoiWEDC0fzqi1eWH/MQjcY6h6tXKEgElrXekx8N3agScXS50n2OzGx2ZbW99AwD0DxY6v1PtlAuW2OwEPFPvYaTu5cfsfaAJ5NKEMN4ahkHAerZpuJuoYgPOmnoM+mUZVPkaUWTRFkPBFRomrXtZ6e6OTAi/6Tnq9r/PAgpK9xeK0t8B2g0EpY/1FGvoByC0GDrzF2iJZg79y7B5xqhP9APrkTSJLCiNB3IdWwc2n45U6lPqt8ew1s9uxHQ5M9olBOkXnTDsj2--XBeKpE20qGij/dTL--9IG+AQxUdaR/ZcaUQ/cRvQ==
\ No newline at end of file
diff --git a/config/credentials/production.yml.enc b/config/credentials/production.yml.enc
new file mode 100644
index 0000000..57fa6de
--- /dev/null
+++ b/config/credentials/production.yml.enc
@@ -0,0 +1 @@
+or84evW/EFy7dAsGJwX/FWF21rQir51D4PkJnaAsA9SUbrHFnMl5kQI4U6r8TBlIhCZjwZQN7Xw0tYe8D0EXjZCTdIyIMOPj0HKpP4XI0lPxSlMOZnQ7LSM2RxtIOIlKc9fdRQ1ouPxg7/yTTtyn625ma+UcWo+wFlGG+EGBD+PXAyVIMTR68Km/3A3/emLfGixG9ciDywHTz4b0FtzD8Y2eqZngn27zNmj5b4pMBa/UcbaQ8XS+oiwVfdndMnimmW2SoWm5tnCZyTpH+qxuYOu3mPyUUTHvnTTEkwTD4/qgpfJR1NnDmT+sspj5WqxLBvX2dgYZX1C/rlC/YocNyaMq5roBTM83yASridFNd+1tUohIhk5e/eIOrGFXnX1p6xNScEA+jYgdDiBsYjrOqhUw9jjk4y8EqToGo9UzJkWveWVUz6Iox9QdS/02e69hWO0tGC0CrEXqxZTabUA5cHrJpiZrafLLrnklYMpUhB/xtBFRQ0g3OeKX+l0wg5WbeI4L1RMT5Q5s36fwMMS9pMdYXhUAwkjAFBnMVvZYsP6K4mZzW4WrSVmMiY5VEOu9OPaLCOoFjOjRmp4W0yqlJm8NxRe1YrPKYG1X--vcDrrozJjl+FVmdV--Wcf7sEHiw54/Tv1iLM9e/A==
\ No newline at end of file
diff --git a/config/database.yml b/config/database.yml
new file mode 100644
index 0000000..78f158b
--- /dev/null
+++ b/config/database.yml
@@ -0,0 +1,31 @@
+# SQLite version 3.x
+# gem install sqlite3
+#
+# Ensure the SQLite 3 gem is defined in your Gemfile
+# gem 'sqlite3'
+#
+default: &default
+ adapter: sqlite3
+ pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
+ timeout: 5000
+
+development:
+ <<: *default
+ database: db/development.sqlite3
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+ <<: *default
+ database: db/test.sqlite3
+
+production:
+ adapter: mysql2
+ encoding: utf8mb4
+ database: thoughts
+ pool: 5
+ username: thoughts
+ password: <%= Rails.application.credentials.database_password %>
+ collation: utf8mb4_bin
+ socket: /var/run/mysqld/mysqld.sock
diff --git a/config/deploy.rb b/config/deploy.rb
index 7d4c284..f28894f 100644
--- a/config/deploy.rb
+++ b/config/deploy.rb
@@ -21,7 +21,7 @@ set :deploy_to, "/srv/www/thoughts"
# set :pty, true
# Default value for :linked_files is []
-append :linked_files, "config/database.yml", "config/secrets.yml", "config/akismet.yml", "config/mail.yml"
+append :linked_files, "config/master.key", "config/credentials/production.key"
# Default value for linked_dirs is []
append :linked_dirs, "log", "tmp/pids", "tmp/cache", "tmp/sockets", "public/uploads", "storage"
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 8f8be04..901cf23 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -14,11 +14,6 @@ Rails.application.configure do
config.consider_all_requests_local = false
config.action_controller.perform_caching = true
- # Attempt to read encrypted secrets from `config/secrets.yml.enc`.
- # Requires an encryption key in `ENV["RAILS_MASTER_KEY"]` or
- # `config/secrets.yml.key`.
- config.read_encrypted_secrets = true
-
# Disable serving static files from the `/public` folder by default since
# Apache or NGINX already handles this.
config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
diff --git a/config/initializers/akismet.rb b/config/initializers/akismet.rb
index 325e48f..a0e40dc 100644
--- a/config/initializers/akismet.rb
+++ b/config/initializers/akismet.rb
@@ -1,2 +1,2 @@
-Akismet.api_key = Rails.application.config_for(:akismet)[:api_key]
-Akismet.app_url = Rails.application.config_for(:akismet)[:app_url]
+Akismet.api_key = Rails.application.credentials.akismet_api_key
+Akismet.app_url = Rails.application.credentials.akismet_app_url
diff --git a/config/mail.yml b/config/mail.yml
index 3c88234..e2d15c3 100644
--- a/config/mail.yml
+++ b/config/mail.yml
@@ -1,8 +1,8 @@
production:
smtp_settings:
- address: ""
- port: 25
- user_name: ""
- password: ""
- authentication: ""
- openssl_verify_mode: ""
+ address: "smtp.sendgrid.com"
+ port: 587
+ user_name: "apikey"
+ password: <%= Rails.application.credentials.sendgrid_api_key %>
+ authentication: "plain"
+ openssl_verify_mode: "none"
diff --git a/config/secrets.yml b/config/secrets.yml
deleted file mode 100644
index 31946ec..0000000
--- a/config/secrets.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# Your secret key is used for verifying the integrity of signed cookies.
-# If you change this key, all old signed cookies will become invalid!
-
-# Make sure the secret is at least 30 characters and all random,
-# no regular words or you'll be exposed to dictionary attacks.
-# You can use `rails secret` to generate a secure secret key.
-
-# Make sure the secrets in this file are kept private
-# if you're sharing your code publicly.
-
-# Shared secrets are available across all environments.
-
-# shared:
-# api_key: a1B2c3D4e5F6
-
-# Environmental secrets are only available for that specific environment.
-
-development:
- secret_key_base: d56c163402b7f74e65934e2a5d5a0990a8120dc88c39c5ca00c143cbc1551f0d21e811cbd246c282ffc58d46286f5ae7d3231696c21772b252f137c24de0aa3f
-
-test:
- secret_key_base: 66e64fc722045f0e636e7658997477d4e265d14e5dfef59f045e3512019b38a885320274116edf354d390a6019555848a89d8a3e01a6091df83032120edff6ac
-
-# Do not keep production secrets in the unencrypted secrets file.
-# Instead, either read values from the environment.
-# Or, use `bin/rails secrets:setup` to configure encrypted secrets
-# and move the `production:` environment over there.
-
-production:
- secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
--
cgit 1.4.1