shipping with Rails 5.2, I found that this new implementation lacks the ability to do environment-specific configuration in a clean and Rails like manner.
It might lead to people using all kinds of fancy workarounds for some keys where needed, like
Rails.application.credentials.dig(:aws, Rails.env.to_sym, :bucket) or even
Rails.env.production? ? Rails.application.credentials.aws[:bucket] : "default_bucket"
I think the
Figaro gem has a very simple and unobtrusive approach to this.
Given the following credentials.yml.enc (excerpt):
aws:
bucket: "the_default_bucket"
access_key_id: "some_very_secret_default_key"
secret_access_key: "another_very_secret_default_key"
google:
geocoder_key: "yet_another_very_secret_key"
mailer:
smtp_address: "localhost"
One should be able to do this:
aws:
bucket: "the_default_bucket"
access_key_id: "some_very_secret_default_key"
secret_access_key: "another_very_secret_default_key"
google:
geocoder_key: "yet_another_very_secret_key"
mailer:
smtp_address: "localhost"
production:
aws:
bucket: "the_production_bucket"
google:
geocoder_key: "yet_another_very_secret_key_for_production"
mailer:
smtp_address: "production_mailserver_smtp_address"
And be all ready and set to just use the credentials as before/now with Rails 5.2, e.g. Rails.application.credentials.aws[:bucket] for the AWS bucket and so forth.
Any opinions on that? Would a PR implementing this have a chance to be accepted?