How to handle merge conflicts in the Rails ENCRYPTED credentials file

cas*_*h22 10 ruby-on-rails credentials ruby-on-rails-6

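With Rails 6 (or 5.2) encrypted credentials, I am running into difficulty managing and resolving merge conflicts in the credentials.yml.enc file. As outlined in the documentation, the intention is that the encrypted credentials can be added to source control (https://guides.rubyonrails.org/security.html#custom-credentials).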

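For example, branch_a adds credentials for service a and gets merged to master; branch_b adds credentials for service b, and when rebasing, the conflict in the credentials.yml.enc file looks like this: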

<<<<<<< HEAD
sahdkajshdkajhsdkjahsdkjahsdkajhsdkjahsdkjahdskjahsdjkahsdencryptedstring-a09dpjmcas==
=======
laskdjalksjdlakjsdlaksjdlakjsdlaksjdlakjsdlajsdlkajsdlkjasdljalsdajsdencryptedstringrere=
>>>>>>> branch_b

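I can view the unencrypted credentials.yml.enc on each branch and resolve the conflicts quite manually, but is there a better way to manage credentials in order to avoid these credential conflicts?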

eka*_*mpp 5

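I don't believe there's a better way, no.

Because of the nature of encryption, there is no way to resolve it in its encrypted state. If that were possible, it would imply that you could somehow know the value and keys of the file in the encrypted state.

When you do your merge, you should resolve any conflicts in the source file and then rerun the command that generates the encrypted file, then complete your merge.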
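
The workflow described in this answer, as an added example that is not part of the answer and is not Rails' own code: two branches each add one service key, the ciphertexts have nothing line-mergeable in common, so all three versions are decrypted, merged as plaintext, and encrypted once. The AES-128-GCM `data--iv--tag` blob, `KEY`, and the helper names (`encrypt`, `decrypt`, `merge_plain`, `resolve`) are assumptions made for the demonstration.

```ruby
require "openssl"
require "yaml"
require "securerandom"

CIPHER = "aes-128-gcm" # stand-in AEAD for this demo, not Rails' own file format

# Encrypt under a fresh random IV; returns "data--iv--tag", each part base64.
def encrypt(text, key)
  c = OpenSSL::Cipher.new(CIPHER).encrypt
  c.key = key
  iv = c.random_iv
  data = c.update(text) + c.final
  [data, iv, c.auth_tag].map { |part| [part].pack("m0") }.join("--")
end

# Decrypt and authenticate; raises OpenSSL::Cipher::CipherError if the blob was altered.
def decrypt(blob, key)
  data, iv, tag = blob.split("--").map { |part| part.unpack1("m0") }
  c = OpenSSL::Cipher.new(CIPHER).decrypt
  c.key = key
  c.iv = iv
  c.auth_tag = tag
  c.update(data) + c.final
end

# Three-way merge of top-level YAML keys; a key changed differently on both sides raises.
def merge_plain(base, ours, theirs)
  b, o, t = [base, ours, theirs].map { |yaml| YAML.safe_load(yaml) || {} }
  merged = (b.keys | o.keys | t.keys).each_with_object({}) do |k, out|
    value = if o[k] == t[k] || t[k] == b[k] then o[k]
            elsif o[k] == b[k] then t[k]
            else raise ArgumentError, "both sides changed #{k}: resolve by hand"
            end
    out[k] = value unless value.nil?
  end
  merged.to_yaml
end

# Decrypt all three versions, merge the plaintext, encrypt the result once.
def resolve(base_enc, ours_enc, theirs_enc, key)
  plain = [base_enc, ours_enc, theirs_enc].map { |blob| decrypt(blob, key) }
  encrypt(merge_plain(*plain), key)
end

# Constructed sample data: KEY stands in for the master key.
KEY    = SecureRandom.random_bytes(16)
BASE   = encrypt({ "secret_key_base" => "x" }.to_yaml, KEY)
OURS   = encrypt({ "secret_key_base" => "x", "service_a" => { "token" => "a" } }.to_yaml, KEY)
THEIRS = encrypt({ "secret_key_base" => "x", "service_b" => { "token" => "b" } }.to_yaml, KEY)
RESOLVED = resolve(BASE, OURS, THEIRS, KEY)
```

In a real repository the three inputs are the conflict stages Git keeps for the file (`git show :1:config/credentials.yml.enc` for the base, `:2:` for ours, `:3:` for theirs), and decryption and re-encryption are done by Rails rather than by helpers like these.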


小智 5

It is possible. From the rails credentials usage:

=== Set up Git to Diff Credentials

Rails provides `rails credentials:diff --enroll` to instruct Git to call `rails credentials:diff`
when `git diff` is run on a credentials file.

Running the command enrolls the project such that all credentials files use the
"rails_credentials" diff driver in .gitattributes.

Additionally since Git requires the driver itself to be set up in a config file
that isn't tracked Rails automatically ensures it's configured when running
`credentials:edit`.

Otherwise each co-worker would have to run enable manually, including on each new
repo clone.

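  • @ekampp's answer was the correct answer at the time the question was asked. This feature has since been added. Link to the documentation: https://github.com/rails/rails/blob/main/railties/lib/rails/commands/credentials/USAGE (2 upvotes)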