use aws secret

1 year ago · e5b0a2355f
parent db22fe7518
commit e5b0a2355f
3 changed files with 35 additions and 14 deletions
--- a/1
+++ b/1
@ -6,6 +6,7 @@ ruby '3.3.3'

 gem 'arabic-letter-connector', require: 'arabic-letter-connector/logic'
 gem 'aws-sdk-s3', require: false
+gem 'aws-sdk-secretsmanager', require: false
 gem 'azure-storage-blob', require: false
 gem 'bootsnap', require: false
 gem 'cancancan'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -96,6 +96,9 @@ GEM
      aws-sdk-core (~> 3, >= 3.191.0)
      aws-sdk-kms (~> 1)
      aws-sigv4 (~> 1.8)
+    aws-sdk-secretsmanager (1.91.0)
+      aws-sdk-core (~> 3, >= 3.191.0)
+      aws-sigv4 (~> 1.1)
    aws-sigv4 (1.8.0)
      aws-eventstream (~> 1, >= 1.0.2)
    azure-storage-blob (2.0.3)
@ -563,6 +566,7 @@ DEPENDENCIES
  annotate
  arabic-letter-connector
  aws-sdk-s3
+  aws-sdk-secretsmanager
  azure-storage-blob
  better_html
  bootsnap
--- a/config/dotenv.rb
+++ b/config/dotenv.rb
@ -1,6 +1,21 @@
 # frozen_string_literal: true

-if ENV['RAILS_ENV'] == 'production' && ENV['SECRET_KEY_BASE'].to_s.empty?
+if ENV['RAILS_ENV'] == 'production'
+  if !ENV['AWS_SECRET_MANAGER_ID'].to_s.empty?
+    require 'aws-sdk-secretsmanager'
+
+    client = Aws::SecretsManager::Client.new
+
+    secret_id = ENV.fetch('AWS_SECRET_MANAGER_ID', '')
+
+    client.get_secret_value(secret_id:).secret_string.split("\n").each do |line|
+      key, value = line.split('=', 2)
+
+      ENV[key] = value if !key.to_s.empty? && !value.to_s.empty?
+    end
+
+    RubyVM::YJIT.enable if ENV['RUBY_YJIT_ENABLE'] == 'true'
+  elsif ENV['SECRET_KEY_BASE'].to_s.empty?
    require 'dotenv'
    require 'securerandom'

@ -20,6 +35,7 @@ if ENV['RAILS_ENV'] == 'production' && ENV['SECRET_KEY_BASE'].to_s.empty?
    Dotenv.load(dotenv_path)

    ENV['DATABASE_URL'] = ENV['DATABASE_URL'].to_s.empty? ? database_url : ENV.fetch('DATABASE_URL', nil)
+  end
 end

 if ENV['DATABASE_URL'].to_s.split('@').last.to_s.split('/').first.to_s.include?('_')