From 45d25781a73b3d75e88d054ea7c5faff04d68450 Mon Sep 17 00:00:00 2001
From: Joe Rafaniello <jrafanie@gmail.com>
Date: Tue, 12 Nov 2024 16:14:22 -0500
Subject: [PATCH] Add gitignores for rails credentials

We're switching to rails credentials to keep current with rails 7.1 and the future.
Note, we're assuming we won't want to commit and share encrypted credentials. If we want
to share them, such as for recording cassettes, the comments describe how to switch to only
ignoring the plain text encryption key files.

Followup to:  https://github.com/ManageIQ/manageiq/pull/23254
Required for: https://github.com/ManageIQ/manageiq-providers-autosde/pull/253
---
 .gitignore | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 9157f0f6492..4b9065042a8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,7 +24,6 @@
 BUILD
 ca/root
 certs/v2_key
-config/secrets.yml*
 coverage/
 Gemfile.lock*
 !Gemfile.lock.release
@@ -46,6 +45,23 @@ config/database.yml*
 config/messaging.yml
 config/vmdb.yml.db
 
+# See: EDITOR=vi be rails credentials:edit --help for more information
+# Rails credentials follow the following pattern:
+# If ENV['RAILS_MASTER_KEY'] isn't specified:
+# Global is used:
+#   * config/master.key (plain text encryption key)
+#   * config/credentials.yml.enc (encrypted credentials file)
+# If --environment test, the overrides for that environment is used:
+#   * config/credentials/test.key
+#   * test.yml.enc
+# If we want to commit and share encrypted credentials, we can change the two lines below to:
+#   config/*.key
+#   config/credentials/*.key
+config/credentials*
+config/master.key
+
+# For legacy rails secrets
+config/secrets.yml*
 config/initializers/*.local.rb
 
 config/settings.local.yml