With ActiveSupport::EncryptedConfiguration shipping with Rails 5.2, I found that this new implementation lacks the ability to do environment-specific configuration in a clean and Rails like manner.
It might lead to people using all kinds of fancy workarounds for some keys where needed, like Rails.application.credentials.dig(:aws, Rails.env.to_sym, :bucket) or even Rails.env.production? ? Rails.application.credentials.aws[:bucket] : “default_bucket”
I think the Figaro gem has a very simple and unobtrusive approach to this.
Given the following credentials.yml.enc (excerpt):
aws: bucket: “the_default_bucket” access_key_id: “some_very_secret_default_key” secret_access_key: “another_very_secret_default_key” google: geocoder_key: “yet_another_very_secret_key” mailer: smtp_address: “localhost”
``
One should be able to do this:
aws: bucket: “the_default_bucket” access_key_id: “some_very_secret_default_key” secret_access_key: “another_very_secret_default_key” google: geocoder_key: “yet_another_very_secret_key” mailer: smtp_address: “localhost”
production: aws: bucket: “the_production_bucket” google: geocoder_key: “yet_another_very_secret_key_for_production” mailer: smtp_address: “production_mailserver_smtp_address”
``
And be all ready and set to just use the credentials as before/now with Rails 5.2, e.g. Rails.application.credentials.aws[:bucket] for the AWS bucket and so forth.
Any opinions on that? Would a PR implementing this have a chance to be accepted?