Project

my_credentials

0.0
The project is in a healthy, maintained state
my_credentialspsalazar/my_credentialsHomepageDocumentationSource CodeBug Tracker
Rails-like encrypted credentials, without Rails. Easily manage secrets per environment in any Ruby project.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
 Popularity
Downloads
207
Stars
0
Forks
0
Watchers
0
 Releases
Current version
0.1.0
Total releases
1
First release
2025-09-28
Latest release
2025-09-28
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2025-09-28
Reverse Dependencies
0

 Dependencies

Runtime

activesupport
~> 8.0
thor
~> 1.4
 Project Readme

MyCredentials

๐Ÿ” MyCredentials is a Ruby gem for securely managing sensitive variables, similar to Rails.credentials, but completely independent from Rails.

It uses AES-128-GCM encryption via ActiveSupport::EncryptedFile to protect API keys, tokens, passwords, and more.

โš ๏ธ Experimental โ€“ This gem was originally built for internal use. It's simple and may not cover every use case. Use at your own discretion.

Features

  • ๐Ÿ”’ Secure encryption with per-environment keys
  • ๐Ÿ“„ .yml.enc files per environment (development, production, etc.)
  • ๐Ÿ—๏ธ Automatically generates the .key file if missing
  • ๐Ÿงช Works in any Ruby app (no Rails required)
  • ๐Ÿงฐ Hash-style access: MyCredentials[:api_key]
  • ๐Ÿ“ Interactive editor to modify credentials (MyCredentials.edit(:env))

Installation

Add the gem to your Gemfile:

gem "my_credentials", path: "../path/to/gem"

Then run:

bundle install

Basic Usage

Create credentials

From the terminal or a script:

EDITOR=vim mycredentials edit --environment staging

This command:

  • Creates config/credentials/development.key if it doesn't exist
  • Creates config/credentials/development.yml.enc if it doesn't exist
  • Opens the decrypted file in your configured editor ($EDITOR or vim)

Read variables

require "my_credentials"

api_key = MyCredentials[:api_key]
mailgun_domain = MyCredentials[:mailgun][:domain]

Configuration (optional)

If you need to customize the path or environment:

MyCredentials.configure do |config|
  config.secrets_path = "config/credentials"  # Base path for files
  config.env = "production"                   # Environment to use
end

If not configured, the defaults are:

  • Path: config/credentials/
  • Environment: determined from ENV["MYC_ENV"], ENV["RACK_ENV"], ENV["APP_ENV"], or "development"

Expected File Structure

config/credentials/
โ”œโ”€โ”€ development.yml.enc
โ”œโ”€โ”€ development.key
โ”œโ”€โ”€ production.yml.enc
โ”œโ”€โ”€ production.key

The .key file should be kept out of version control.

Security

Never commit your key files

Add this to your .gitignore:

# MyCredentials key files
/config/credentials/*.key

You can also use the MYC_MASTER_KEY environment variable instead of storing the key on disk.

Example decrypted file

api_key: abc123
mailgun:
  api_key: mg-abc987
  domain: example.com

Requirements

  • Ruby >= 3.1
  • activesupport >= 8.0

Generate key manually

If you'd rather generate the key manually:

openssl rand -hex 16 > config/credentials/development.key

Inspiration

  • Rails.application.credentials
  • ActiveSupport::EncryptedFile

License

MIT License ยฉ 2025 Pablo Salazar