Environment-specific configuration for credentials.yml.enc

[Chris Seelus]

With ActiveSupport::EncryptedConfiguration shipping with Rails 5.2, I found that this new implementation lacks the ability to do environment-specific configuration in a clean and Rails like manner.

It might lead to people using all kinds of fancy workarounds for some keys where needed, like Rails.application.credentials.dig(:aws, Rails.env.to_sym, :bucket) or even Rails.env.production? ? Rails.application.credentials.aws[:bucket] : "default_bucket"

I think the Figaro gem has a very simple and unobtrusive approach to this. 

Given the following credentials.yml.enc (excerpt):

aws:
  bucket: "the_default_bucket"
  access_key_id: "some_very_secret_default_key"
  secret_access_key: "another_very_secret_default_key"
google:
  geocoder_key: "yet_another_very_secret_key"
mailer:
  smtp_address: "localhost"

One should be able to do this:

aws:
  bucket: "the_default_bucket"
  access_key_id: "some_very_secret_default_key"
  secret_access_key: "another_very_secret_default_key"
google:
  geocoder_key: "yet_another_very_secret_key"
mailer:
  smtp_address: "localhost"

production:
  aws:
    bucket: "the_production_bucket"
  google:
    geocoder_key: "yet_another_very_secret_key_for_production"
  mailer:
    smtp_address: "production_mailserver_smtp_address"

And be all ready and set to just use the credentials as before/now with Rails 5.2, e.g. Rails.application.credentials.aws[:bucket] for the AWS bucket and so forth.

Any opinions on that? Would a PR implementing this have a chance to be accepted?