Simple YAML secrets management for Rails. Uses standard YAML anchors for sharing configuration.
gem 'secvault'1. Add to initializer:
# config/initializers/secvault.rb
Secvault.start!2. Create secrets file:
# config/secrets.yml
defaults: &defaults
app_name: "MyApp"
development:
<<: *defaults
secret_key_base: "dev_secret"
api_key: "dev_key"
production:
<<: *defaults
secret_key_base: <%= ENV['SECRET_KEY_BASE'] %>
api_key: <%= ENV['API_KEY'] %>3. Use in your app:
Secvault.secrets.api_key
Secvault.secrets.app_nameSecvault.start!(
files: ['config/secrets.yml'], # Files to load (later files override earlier ones)
integrate_with_rails: false, # Add Rails.application.secrets
set_secret_key_base: true, # Auto-set Rails.application.config.secret_key_base from secrets
hot_reload: true, # Auto-reload in development
logger: true # Log loading activity
)Multiple files:
# Later files override earlier ones
Secvault.start!(files: ['secrets.yml', 'local.yml'])Rails integration:
Secvault.start!(integrate_with_rails: true)
Rails.application.secrets.api_key # Now availableSecret key base:
# If your secrets.yml has secret_key_base, it's automatically set
# This replaces the need for Rails.application.config.secret_key_base
Secvault.start!(set_secret_key_base: true) # Default behaviorERB templating:
production:
api_key: <%= ENV['API_KEY'] %>
pool_size: <%= ENV.fetch('DB_POOL', '5').to_i %>YAML anchors for sharing:
defaults: &defaults
app_name: "MyApp"
timeout: 30
development:
<<: *defaults
debug: true
production:
<<: *defaults
timeout: 10 # Override specific valuesDevelopment helpers:
reload_secrets! # Reload files
Secvault.active? # Check statusMIT