Rake tasks to manage credentials

credentials.rake

# frozen_string_literal: true

# These are custom Rake tasks to decrypt credentials in plain files and encrypt them back after changes (useful for editing in your local IDE if the development environment is Docker, where `rails credentials:edit` can't open your IDE):

# ```bash
# # Decrypt credentials
# bin/rails credentials:decrypt

# # Encrypt credentials
# bin/rails credentials:encrypt
# ```

namespace :credentials do
  desc 'Decrypt credentials'
  task decrypt: :environment do
    Rails.root.glob('config/credentials/*.yml.enc').each do |encrypted_path|
      env = File.basename(encrypted_path, '.yml.enc')
      key_path = Rails.root.join("config/credentials/#{env}.key")
      decrypted_path = Rails.root.join("config/credentials/#{env}.yml")
      puts("Decrypting #{encrypted_path} to #{decrypted_path}")
      encrypted = Rails.application.encrypted(encrypted_path, key_path:)
      File.write(decrypted_path, encrypted.read)
    end
  end

  desc 'Encrypt credentials'
  task encrypt: :environment do
    Rails.root.glob('config/credentials/*.yml').each do |decrypted_path|
      env = File.basename(decrypted_path, '.yml')
      key_path = Rails.root.join("config/credentials/#{env}.key")
      encrypted_path = Rails.root.join("config/credentials/#{env}.yml.enc")
      puts("Encrypting #{decrypted_path} to #{encrypted_path}")
      encrypted = Rails.application.encrypted(encrypted_path, key_path:)
      encrypted.write(File.read(decrypted_path))
    end
  end

  desc 'Remove decrypted credentials'
  task remove_decrypted: :environment do
    Rails.root.glob('config/credentials/*.yml').each do |decrypted_path|
      File.delete(decrypted_path)
      puts("Deleted #{decrypted_path}")
    end
  end
end