Skip to content

Commit 0c76f17

Browse files
committed
Remove deprecated Rails.application.secrets
1 parent 0a84b72 commit 0c76f17

File tree

13 files changed

+29
-643
lines changed

13 files changed

+29
-643
lines changed

guides/source/7_2_release_notes.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,8 @@ Please refer to the [Changelog][railties] for detailed changes.
2828

2929
### Removals
3030

31+
* Remove deprecated `Rails.application.secrets`.
32+
3133
### Deprecations
3234

3335
### Notable changes

railties/CHANGELOG.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,7 @@
1+
* Remove deprecated `Rails.application.secrets`.
2+
3+
*Rafael Mendonça França*
4+
15
* Generated Gemfile will include `require: "debug/prelude"` for the `debug` gem
26

37
Requiring `debug` gem directly automatically activates it, which could introduce

railties/lib/rails/application.rb

Lines changed: 11 additions & 55 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,6 @@
1010
require "active_support/hash_with_indifferent_access"
1111
require "active_support/configuration_file"
1212
require "rails/engine"
13-
require "rails/secrets"
1413
require "rails/autoloaders"
1514

1615
module Rails
@@ -104,7 +103,7 @@ def find_root(from)
104103
delegate :default_url_options, :default_url_options=, to: :routes
105104

106105
INITIAL_VARIABLES = [:config, :railties, :routes_reloader, :reloaders,
107-
:routes, :helpers, :app_env_config, :secrets] # :nodoc:
106+
:routes, :helpers, :app_env_config] # :nodoc:
108107

109108
def initialize(initial_variable_values = {}, &block)
110109
super()
@@ -439,25 +438,7 @@ def config # :nodoc:
439438
end
440439

441440
attr_writer :config
442-
443-
def secrets
444-
Rails.deprecator.warn(<<~MSG.squish)
445-
`Rails.application.secrets` is deprecated in favor of `Rails.application.credentials` and will be removed in Rails 7.2.
446-
MSG
447-
@secrets ||= begin
448-
secrets = ActiveSupport::OrderedOptions.new
449-
files = config.paths["config/secrets"].existent
450-
files = files.reject { |path| path.end_with?(".enc") } unless config.read_encrypted_secrets
451-
secrets.merge! Rails::Secrets.parse(files, env: Rails.env)
452-
453-
# Fallback to config.secret_key_base if secrets.secret_key_base isn't set
454-
secrets.secret_key_base ||= config.secret_key_base
455-
456-
secrets
457-
end
458-
end
459-
460-
attr_writer :secrets, :credentials
441+
attr_writer :credentials
461442

462443
# The secret_key_base is used as the input secret to the application's key generator, which in turn
463444
# is used to create all ActiveSupport::MessageVerifier and ActiveSupport::MessageEncryptor instances,
@@ -473,33 +454,16 @@ def secrets
473454
# Dockerfile example: <tt>RUN SECRET_KEY_BASE_DUMMY=1 bundle exec rails assets:precompile</tt>.
474455
#
475456
# In all other environments, we look for it first in <tt>ENV["SECRET_KEY_BASE"]</tt>,
476-
# then +credentials.secret_key_base+, and finally +secrets.secret_key_base+. For most applications,
477-
# the correct place to store it is in the encrypted credentials file.
457+
# then +credentials.secret_key_base+. For most applications, the correct place to store it is in the
458+
# encrypted credentials file.
478459
def secret_key_base
479-
config.secret_key_base ||=
480-
if ENV["SECRET_KEY_BASE_DUMMY"]
481-
generate_local_secret
482-
else
483-
validate_secret_key_base(
484-
ENV["SECRET_KEY_BASE"] || credentials.secret_key_base || begin
485-
secret_skb = secrets_secret_key_base
486-
487-
if secret_skb && secret_skb.equal?(config.secret_key_base)
488-
config.secret_key_base
489-
elsif secret_skb
490-
Rails.deprecator.warn(<<~MSG.squish)
491-
Your `secret_key_base` is configured in `Rails.application.secrets`,
492-
which is deprecated in favor of `Rails.application.credentials` and
493-
will be removed in Rails 7.2.
494-
MSG
495-
496-
secret_skb
497-
elsif Rails.env.local?
498-
generate_local_secret
499-
end
500-
end
501-
)
502-
end
460+
if Rails.env.local? || ENV["SECRET_KEY_BASE_DUMMY"]
461+
config.secret_key_base ||= generate_local_secret
462+
else
463+
validate_secret_key_base(
464+
ENV["SECRET_KEY_BASE"] || credentials.secret_key_base
465+
)
466+
end
503467
end
504468

505469
# Returns an ActiveSupport::EncryptedConfiguration instance for the
@@ -674,8 +638,6 @@ def generate_local_secret
674638

675639
if File.exist?(key_file)
676640
config.secret_key_base = File.binread(key_file)
677-
elsif secrets_secret_key_base
678-
config.secret_key_base = secrets_secret_key_base
679641
else
680642
random_key = SecureRandom.hex(64)
681643
FileUtils.mkdir_p(key_file.dirname)
@@ -687,12 +649,6 @@ def generate_local_secret
687649
config.secret_key_base
688650
end
689651

690-
def secrets_secret_key_base
691-
Rails.deprecator.silence do
692-
secrets.secret_key_base
693-
end
694-
end
695-
696652
def build_request(env)
697653
req = super
698654
env["ORIGINAL_FULLPATH"] = req.fullpath

railties/lib/rails/application/bootstrap.rb

Lines changed: 0 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,6 @@
55
require "active_support/notifications"
66
require "active_support/dependencies"
77
require "active_support/descendants_tracker"
8-
require "rails/secrets"
98

109
module Rails
1110
class Application
@@ -114,10 +113,6 @@ module Bootstrap
114113
initializer :bootstrap_hook, group: :all do |app|
115114
ActiveSupport.run_load_hooks(:before_initialize, app)
116115
end
117-
118-
initializer :set_secrets_root, group: :all do
119-
Rails::Secrets.root = root
120-
end
121116
end
122117
end
123118
end

railties/lib/rails/application/configuration.rb

Lines changed: 10 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ class Configuration < ::Rails::Engine::Configuration
1919
:ssl_options, :public_file_server,
2020
:session_options, :time_zone, :reload_classes_only_on_change,
2121
:beginning_of_week, :filter_redirect, :x,
22-
:read_encrypted_secrets, :content_security_policy_report_only,
22+
:content_security_policy_report_only,
2323
:content_security_policy_nonce_generator, :content_security_policy_nonce_directives,
2424
:require_master_key, :credentials, :disable_sandbox, :sandbox_by_default,
2525
:add_autoload_paths_to_load_path, :rake_eager_load, :server_timing, :log_file_size,
@@ -68,7 +68,6 @@ def initialize(*)
6868
@debug_exception_response_format = nil
6969
@x = Custom.new
7070
@enable_dependency_loading = false
71-
@read_encrypted_secrets = false
7271
@content_security_policy = nil
7372
@content_security_policy_report_only = false
7473
@content_security_policy_nonce_generator = nil
@@ -367,6 +366,15 @@ def enable_dependency_loading=(value)
367366
@enable_dependency_loading = value
368367
end
369368

369+
def read_encrypted_secrets
370+
Rails.deprecator.warn(`config.read_encrypted_secrets is deprecated and will be removed in Rails 7.3.`)
371+
end
372+
373+
def read_encrypted_secrets=(value)
374+
Rails.deprecator.warn(`config.read_encrypted_secrets is deprecated and will be removed in Rails 7.3.`)
375+
end
376+
377+
370378
def encoding=(value)
371379
@encoding = value
372380
silence_warnings do
@@ -399,7 +407,6 @@ def paths
399407
@paths ||= begin
400408
paths = super
401409
paths.add "config/database", with: "config/database.yml"
402-
paths.add "config/secrets", with: "config", glob: "secrets.yml{,.enc}"
403410
paths.add "config/environment", with: "config/environment.rb"
404411
paths.add "lib/templates"
405412
paths.add "log", with: "log/#{Rails.env}.log"

railties/lib/rails/commands/secrets/USAGE

Lines changed: 0 additions & 61 deletions
This file was deleted.

railties/lib/rails/commands/secrets/secrets_command.rb

Lines changed: 0 additions & 47 deletions
This file was deleted.

railties/lib/rails/generators.rb

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -203,7 +203,6 @@ def sorted_groups
203203
rails.map! { |n| n.delete_prefix("rails:") }
204204
rails.delete("app")
205205
rails.delete("plugin")
206-
rails.delete("encrypted_secrets")
207206
rails.delete("encrypted_file")
208207
rails.delete("encryption_key_file")
209208
rails.delete("master_key")

0 commit comments

Comments
 (0)