Add gitignores for rails credentials

We're switching to rails credentials to keep current with rails 7.1 and the future. Note, we're assuming we won't want to commit and share encrypted credentials. If we want to share them, such as for recording cassettes, the comments describe how to switch to only ignoring the plain text encryption key files. Followup to: ManageIQ#23254 Required for: ManageIQ/manageiq-providers-autosde#253
jrafanie · Nov 13, 2024 · 45d2578 · 45d2578
1 parent 50ff2d0
commit 45d2578
Showing 1 changed file with 17 additions and 1 deletion.
diff --git a/.gitignore b/.gitignore
@@ -24,7 +24,6 @@
 BUILD
 ca/root
 certs/v2_key
-config/secrets.yml*
 coverage/
 Gemfile.lock*
 !Gemfile.lock.release
@@ -46,6 +45,23 @@ config/database.yml*
 config/messaging.yml
 config/vmdb.yml.db
 
+# See: EDITOR=vi be rails credentials:edit --help for more information
+# Rails credentials follow the following pattern:
+# If ENV['RAILS_MASTER_KEY'] isn't specified:
+# Global is used:
+#   * config/master.key (plain text encryption key)
+#   * config/credentials.yml.enc (encrypted credentials file)
+# If --environment test, the overrides for that environment is used:
+#   * config/credentials/test.key
+#   * test.yml.enc
+# If we want to commit and share encrypted credentials, we can change the two lines below to:
+#   config/*.key
+#   config/credentials/*.key
+config/credentials*
+config/master.key
+
+# For legacy rails secrets
+config/secrets.yml*
 config/initializers/*.local.rb
 
 config/settings.local.yml