使用rails 6(或5.2(加密凭据,我在管理和解决credentials.yml.enc文件中的合并冲突时遇到了困难。如文档中所述,其目的是可以将加密凭据添加到源代码管理中(https://guides.rubyonrails.org/security.html#custom-凭证(
例如。branch_a为service a添加凭据并合并到masterbranch_b为service b添加凭据,当重新建立基础时,credentials.yml.enc文件中的冲突看起来像这样:
<<<<<<< HEAD
sahdkajshdkajhsdkjahsdkjahsdkajhsdkjahsdkjahdskjahsdjkahsdencryptedstring-a09dpjmcas==
=======
laskdjalksjdlakjsdlaksjdlakjsdlaksjdlakjsdlajsdlkajsdlkjasdljalsdajsdencryptedstringrere=
>>>>>>> branch_b
我可以查看每个分支上未加密的credentials.yml.enc,并手动解决冲突,但是否有更好的方法来管理凭据,以避免这些凭据冲突。
这是可能的。来自rails credentials用法:
=== Set up Git to Diff Credentials
Rails provides `rails credentials:diff --enroll` to instruct Git to call `rails credentials:diff`
when `git diff` is run on a credentials file.
Running the command enrolls the project such that all credentials files use the
"rails_credentials" diff driver in .gitattributes.
Additionally since Git requires the driver itself to be set up in a config file
that isn't tracked Rails automatically ensures it's configured when running
`credentials:edit`.
Otherwise each co-worker would have to run enable manually, including on each new
repo clone.
我认为没有更好的方法,没有。
由于加密的性质,在加密状态下无法解决它。如果可能的话,这意味着您可以以某种方式知道处于加密状态的文件的值和密钥。
进行合并时,应解决源文件中的任何冲突,然后重新运行生成加密文件的命令,然后完成合并。
如果您没有rails credentials:diff。。。
可以合并它们,但必须对它们进行解密。
在处理合并冲突时,您可以运行git mergetool,它应该生成4个文件:
config/credentials.yml_BACKUP_84723.enc
config/credentials.yml_LOCAL_84723.enc
config/credentials.yml_BASE_84723.enc
config/credentials.yml_LOCAL_84723.enc
您可能需要在一个终端窗口中运行git mergetool,然后在另一个窗口中运行此脚本:请注意,这将在本地计算机上公开您的凭据。
# Temporarily move credentials file to another location
mv config/credentials.yml.enc ~/Desktop/credentials_temp.yml.enc
# Copy local file to original location
cp config/credentials.yml_LOCAL_* config/credentials.yml.enc
# Decrypt and send decrypted credentials to desktop
rails credentials:show > ~/Desktop/credentials_local.yaml
# Delete the copied local file
rm config/credentials.yml.enc
# Copy remote file to original location
cp config/credentials.yml_REMOTE_* config/credentials.yml.enc
# Decrypt and send decrypted credentials to desktop
rails credentials:show > ~/Desktop/credentials_remote.yaml
# Delete the copied remote file
rm config/credentials.yml.enc
# Move credentials file back
mv ~/Desktop/credentials_temp.yml.enc config/credentials.yml.enc
# See diffs or open both
diff ~/Desktop/credentials_local.yaml ~/Desktop/credentials_remote.yaml
# Delete the decrypted files
rm ~/Desktop/credentials_local.yaml ~/Desktop/credentials_remote.yaml
本地在左边。遥控器在右边。享受
通常建议忽略版本控制中的凭据,即.gitignore,并通过环境变量进行配置。