[Feature Proposal] Add --internalise-conflicts option to the rails credentials edit

Hey Rails community!
Just a quick proposal/sanity check on a feature to help with git conflicts in credential files.
Thanks so much for reading and for any insight / feedback.

Background

Handling merge conflicts in the encrypted credentials files feels manual and difficult.

We do have the ability to make git diff work with the encrypted files via rails credentials:diff --enroll but that doesn’t seem to help with merge or rebase conflicts.

Resolving the conflict is a manual process, pulling the conflicted filed apart, diff’ing them and then putting them back together.
We have the encrypted files in the diff, and we have the key, so we have everything we need to resolve the issue in an automated way.

Googling the issue also doesn’t bring up much. But there are few complaints that users expect the flow to be easier.

https://stackoverflow.com/questions/58980566/how-to-deal-with-merge-conflicts-in-rails-encrypted-credential-files

There are a few references to git doing the correct thing with conflicts withe the rails credentials:diff --enroll, but it’s not working for me.

git -v
#=> git version 2.49.0

Using git merge other_branch cases the regular merge conflicts over the whole set of binary data.

Auto-merging config/credentials/development.yml.enc
CONFLICT (content): Merge conflict in config/credentials/development.yml.enc

Detail

The Pull Request add an --internalise-conflicts option to the rails credentials edit command.

If there is a merge conflict, this option decrypts both versions of the file in the conflict, uses git to combine them so the merge conflict is resolved or added to the unencrypted text, writes it to the encrypted file and then continues with the normal edit command flow.

PR

I have an initial PR ready with the feature.
The PR is just to the forked repo so people can check the changes.
I would like to see if it’s just a me problem, and merge with the credentials diff enrolling is supposed to fix it?.
Or if anyone else thinks the PR is a good idea.

I first implemented the resolution at the encrypted file level in active support, which didn’t need writing the encrypted file before editing, but refactored it to be an option on the credential edit command itself to limit the potential impacts.

Thanks!
SixiS

Just an update.
Still wasn’t sure something this specific really needed to be a part of Rails.
Decided to turn it into a gem instead for now.