Class: OpCredentials::Vault

Inherits:

Object

• Object
• OpCredentials::Vault

Defined in:

lib/op_credentials/vault.rb

Constant Summary

OP_VAULT_SECRETS =

{}

Instance Attribute Summary

• #name ⇒ Object readonly

  Returns the value of attribute name.

Instance Method Summary

• #fetch_secret(label:, default: nil, delete: true) ⇒ Object
• #initialize(name) ⇒ Vault constructor

  A new instance of Vault.

• #load(tags: [ENV["RAILS_ENV"]]) ⇒ Object

Constructor Details

#initialize(name) ⇒ Vault

Returns a new instance of Vault.

# File 'lib/op_credentials/vault.rb', line 11

def initialize(name)
  @name = name
end

Instance Attribute Details

#name ⇒ Object (readonly)

Returns the value of attribute name.

# File 'lib/op_credentials/vault.rb', line 8

def name
  @name
end

Instance Method Details

#fetch_secret(label:, default: nil, delete: true) ⇒ Object

# File 'lib/op_credentials/vault.rb', line 30

def fetch_secret(label:, default: nil, delete: true)
  if compiling_assets?
    "" # doesn't matter for asset compilation
  elsif !Rails.env.local?
    (delete ? OP_VAULT_SECRETS.delete(label) : OP_VAULT_SECRETS[label]) || raise("Secret `#{label}` not found in 1Password")
  else # look for it in credentials; if not, in env, if not, the default
    Rails.application.credentials.fetch(:label, ENV.fetch(label, default))
  end
end

#load(tags: [ENV["RAILS_ENV"]]) ⇒ Object

# File 'lib/op_credentials/vault.rb', line 15

def load(tags: [ENV["RAILS_ENV"]])
  # To reduce the amount of API calls to 1Password, we can
  # grab one document that contains all the secrets we need
  if !compiling_assets? && !Rails.env.local?
    result = op_load_vault_into_env(tags: tags)
    if result.is_a?(Array)
      raise RuntimeError, "No items found in vault `#{@name}` for tags: #{tags}"
    end

    result["fields"].select { |f| f["value"] }.each do |field|
      load_vault_secret(field)
    end
  end
end