From b5afc0cf9db8d50d1d95fc2c2fe8b451f8825b46 Mon Sep 17 00:00:00 2001
From: Star Rauchenberger <fefferburbia@gmail.com>
Date: Sat, 7 Dec 2024 13:31:31 -0500
Subject: Moved secret base, Akismet, Sendgrid, and database keys into
 credentials

---
 .gitattributes                        |  4 ++++
 .gitignore                            |  5 ++++-
 config/akismet.yml                    |  6 ------
 config/credentials.yml.enc            |  1 +
 config/credentials/production.yml.enc |  1 +
 config/database.yml                   | 31 +++++++++++++++++++++++++++++++
 config/deploy.rb                      |  2 +-
 config/environments/production.rb     |  5 -----
 config/initializers/akismet.rb        |  4 ++--
 config/mail.yml                       | 12 ++++++------
 config/secrets.yml                    | 32 --------------------------------
 11 files changed, 50 insertions(+), 53 deletions(-)
 create mode 100644 .gitattributes
 delete mode 100644 config/akismet.yml
 create mode 100644 config/credentials.yml.enc
 create mode 100644 config/credentials/production.yml.enc
 create mode 100644 config/database.yml
 delete mode 100644 config/secrets.yml

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..460321f
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,4 @@
+db/schema linguist-generated
+
+config/credentials/*.yml.enc diff=rails_credentials
+config/credentials.yml.enc diff=rails_credentials
diff --git a/.gitignore b/.gitignore
index 7e4fe23..3ddb969 100644
--- a/.gitignore
+++ b/.gitignore
@@ -27,7 +27,10 @@ tags
 .DS_Store
 *.swo
 /public/uploads
-config/database.yml
 /storage
 
 misc
+
+/config/master.key
+
+/config/credentials/production.key
diff --git a/config/akismet.yml b/config/akismet.yml
deleted file mode 100644
index 581aa7b..0000000
--- a/config/akismet.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-production:
-  api_key: ""
-  app_url: ""
-development:
-  api_key: ""
-  app_url: ""
diff --git a/config/credentials.yml.enc b/config/credentials.yml.enc
new file mode 100644
index 0000000..90d7ee5
--- /dev/null
+++ b/config/credentials.yml.enc
@@ -0,0 +1 @@
+KrLA+ftWWLuC9JQBmExf5RXFOqp9q+CZCY6DJ8d0sgVUQXxcDToVqntxRRsqrTHvJ48xmRUgA4OmXUI1ZE3JtJQOuRmQHJf3bMtSlXDOzQTgNeIyzH3++Kcss3dIeM2+gnT8wxE2y6Tj2+KyB4tJGMeX1elSFK41rGz4zQzYVva3MVNKUmD1wV9p28sxtUSkDbiFxa2tDLGddor3Nqf7n4nuBLxpU4G1b7lhsAAQ4MYALvll0q3Uk54vEqyoiWEDC0fzqi1eWH/MQjcY6h6tXKEgElrXekx8N3agScXS50n2OzGx2ZbW99AwD0DxY6v1PtlAuW2OwEPFPvYaTu5cfsfaAJ5NKEMN4ahkHAerZpuJuoYgPOmnoM+mUZVPkaUWTRFkPBFRomrXtZ6e6OTAi/6Tnq9r/PAgpK9xeK0t8B2g0EpY/1FGvoByC0GDrzF2iJZg79y7B5xqhP9APrkTSJLCiNB3IdWwc2n45U6lPqt8ew1s9uxHQ5M9olBOkXnTDsj2--XBeKpE20qGij/dTL--9IG+AQxUdaR/ZcaUQ/cRvQ==
\ No newline at end of file
diff --git a/config/credentials/production.yml.enc b/config/credentials/production.yml.enc
new file mode 100644
index 0000000..57fa6de
--- /dev/null
+++ b/config/credentials/production.yml.enc
@@ -0,0 +1 @@
+or84evW/EFy7dAsGJwX/FWF21rQir51D4PkJnaAsA9SUbrHFnMl5kQI4U6r8TBlIhCZjwZQN7Xw0tYe8D0EXjZCTdIyIMOPj0HKpP4XI0lPxSlMOZnQ7LSM2RxtIOIlKc9fdRQ1ouPxg7/yTTtyn625ma+UcWo+wFlGG+EGBD+PXAyVIMTR68Km/3A3/emLfGixG9ciDywHTz4b0FtzD8Y2eqZngn27zNmj5b4pMBa/UcbaQ8XS+oiwVfdndMnimmW2SoWm5tnCZyTpH+qxuYOu3mPyUUTHvnTTEkwTD4/qgpfJR1NnDmT+sspj5WqxLBvX2dgYZX1C/rlC/YocNyaMq5roBTM83yASridFNd+1tUohIhk5e/eIOrGFXnX1p6xNScEA+jYgdDiBsYjrOqhUw9jjk4y8EqToGo9UzJkWveWVUz6Iox9QdS/02e69hWO0tGC0CrEXqxZTabUA5cHrJpiZrafLLrnklYMpUhB/xtBFRQ0g3OeKX+l0wg5WbeI4L1RMT5Q5s36fwMMS9pMdYXhUAwkjAFBnMVvZYsP6K4mZzW4WrSVmMiY5VEOu9OPaLCOoFjOjRmp4W0yqlJm8NxRe1YrPKYG1X--vcDrrozJjl+FVmdV--Wcf7sEHiw54/Tv1iLM9e/A==
\ No newline at end of file
diff --git a/config/database.yml b/config/database.yml
new file mode 100644
index 0000000..78f158b
--- /dev/null
+++ b/config/database.yml
@@ -0,0 +1,31 @@
+# SQLite version 3.x
+#   gem install sqlite3
+#
+#   Ensure the SQLite 3 gem is defined in your Gemfile
+#   gem 'sqlite3'
+#
+default: &default
+  adapter: sqlite3
+  pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
+  timeout: 5000
+
+development:
+  <<: *default
+  database: db/development.sqlite3
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  <<: *default
+  database: db/test.sqlite3
+
+production:
+  adapter: mysql2
+  encoding: utf8mb4
+  database: thoughts
+  pool: 5
+  username: thoughts
+  password: <%= Rails.application.credentials.database_password %>
+  collation: utf8mb4_bin
+  socket: /var/run/mysqld/mysqld.sock
diff --git a/config/deploy.rb b/config/deploy.rb
index 7d4c284..f28894f 100644
--- a/config/deploy.rb
+++ b/config/deploy.rb
@@ -21,7 +21,7 @@ set :deploy_to, "/srv/www/thoughts"
 # set :pty, true
 
 # Default value for :linked_files is []
-append :linked_files, "config/database.yml", "config/secrets.yml", "config/akismet.yml", "config/mail.yml"
+append :linked_files, "config/master.key", "config/credentials/production.key"
 
 # Default value for linked_dirs is []
 append :linked_dirs, "log", "tmp/pids", "tmp/cache", "tmp/sockets", "public/uploads", "storage"
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 8f8be04..901cf23 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -14,11 +14,6 @@ Rails.application.configure do
   config.consider_all_requests_local       = false
   config.action_controller.perform_caching = true
 
-  # Attempt to read encrypted secrets from `config/secrets.yml.enc`.
-  # Requires an encryption key in `ENV["RAILS_MASTER_KEY"]` or
-  # `config/secrets.yml.key`.
-  config.read_encrypted_secrets = true
-
   # Disable serving static files from the `/public` folder by default since
   # Apache or NGINX already handles this.
   config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
diff --git a/config/initializers/akismet.rb b/config/initializers/akismet.rb
index 325e48f..a0e40dc 100644
--- a/config/initializers/akismet.rb
+++ b/config/initializers/akismet.rb
@@ -1,2 +1,2 @@
-Akismet.api_key = Rails.application.config_for(:akismet)[:api_key]
-Akismet.app_url = Rails.application.config_for(:akismet)[:app_url]
+Akismet.api_key = Rails.application.credentials.akismet_api_key
+Akismet.app_url = Rails.application.credentials.akismet_app_url
diff --git a/config/mail.yml b/config/mail.yml
index 3c88234..e2d15c3 100644
--- a/config/mail.yml
+++ b/config/mail.yml
@@ -1,8 +1,8 @@
 production:
   smtp_settings:
-    address: ""
-    port: 25
-    user_name: ""
-    password: ""
-    authentication: ""
-    openssl_verify_mode: ""
+    address: "smtp.sendgrid.com"
+    port: 587
+    user_name: "apikey"
+    password: <%= Rails.application.credentials.sendgrid_api_key %>
+    authentication: "plain"
+    openssl_verify_mode: "none"
diff --git a/config/secrets.yml b/config/secrets.yml
deleted file mode 100644
index 31946ec..0000000
--- a/config/secrets.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# Your secret key is used for verifying the integrity of signed cookies.
-# If you change this key, all old signed cookies will become invalid!
-
-# Make sure the secret is at least 30 characters and all random,
-# no regular words or you'll be exposed to dictionary attacks.
-# You can use `rails secret` to generate a secure secret key.
-
-# Make sure the secrets in this file are kept private
-# if you're sharing your code publicly.
-
-# Shared secrets are available across all environments.
-
-# shared:
-#   api_key: a1B2c3D4e5F6
-
-# Environmental secrets are only available for that specific environment.
-
-development:
-  secret_key_base: d56c163402b7f74e65934e2a5d5a0990a8120dc88c39c5ca00c143cbc1551f0d21e811cbd246c282ffc58d46286f5ae7d3231696c21772b252f137c24de0aa3f
-
-test:
-  secret_key_base: 66e64fc722045f0e636e7658997477d4e265d14e5dfef59f045e3512019b38a885320274116edf354d390a6019555848a89d8a3e01a6091df83032120edff6ac
-
-# Do not keep production secrets in the unencrypted secrets file.
-# Instead, either read values from the environment.
-# Or, use `bin/rails secrets:setup` to configure encrypted secrets
-# and move the `production:` environment over there.
-
-production:
-  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
-- 
cgit 1.4.1