Environment-specific configuration for credentials.yml.enc

With ActiveSupport::EncryptedConfiguration shipping with Rails 5.2, I found that this new implementation lacks the ability to do environment-specific configuration in a clean and Rails like manner.

It might lead to people using all kinds of fancy workarounds for some keys where needed, like Rails.application.credentials.dig(:aws, Rails.env.to_sym, :bucket) or even Rails.env.production? ? Rails.application.credentials.aws[:bucket] : “default_bucket”

I think the Figaro gem has a very simple and unobtrusive approach to this.

Given the following credentials.yml.enc (excerpt):

aws:
bucket: “the_default_bucket”
access_key_id: “some_very_secret_default_key”
secret_access_key: “another_very_secret_default_key”
google:
geocoder_key: “yet_another_very_secret_key”
mailer:
smtp_address: “localhost”

``

One should be able to do this:

aws:
bucket: “the_default_bucket”
access_key_id: “some_very_secret_default_key”
secret_access_key: “another_very_secret_default_key”
google:
geocoder_key: “yet_another_very_secret_key”
mailer:
smtp_address: “localhost”

production:
aws:
bucket: “the_production_bucket”
google:
geocoder_key: “yet_another_very_secret_key_for_production”
mailer:
smtp_address: “production_mailserver_smtp_address”

``

And be all ready and set to just use the credentials as before/now with Rails 5.2, e.g. Rails.application.credentials.aws[:bucket] for the AWS bucket and so forth.

Any opinions on that? Would a PR implementing this have a chance to be accepted?