Project

secvault

0.0
The project is in a healthy, maintained state
secvaultunnitallman/secvaultHomepageDocumentationSource CodeBug TrackerWiki
Secvault restores the classic Rails secrets.yml functionality that was removed in Rails 7.2, using simple, plain YAML files for environment-specific secrets management. Compatible with Rails 7.1+, 7.2+ and 8.0+.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
 Popularity
Downloads
7,926
Stars
0
Forks
0
Watchers
0
 Releases
Current version
3.3.0
Total releases
18
First release
2025-09-22
Latest release
2025-09-30
 Issues
Open Issues
0
Closed Issues
2
Total Issues
2
Issue Closure Rate
100%
 Pull Requests
Open Pull Requests
2
Closed Pull Requests
2
Merged Pull Requests
1
Pull Request Acceptance Rate
20%
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2025-09-25
Reverse Dependencies
0

 Dependencies

Development

rspec_junit_formatter
~> 0.6

Runtime

rails
>= 7.1.0
zeitwerk
~> 2.6
 Project Readme

Secvault

Simple YAML secrets management for Rails. Uses standard YAML anchors for sharing configuration.

Gem Version CI

Installation

gem 'secvault'

Usage

1. Add to initializer:

# config/initializers/secvault.rb
Secvault.start!

2. Create secrets file:

# config/secrets.yml
defaults: &defaults
  app_name: "MyApp"

development:
  <<: *defaults
  secret_key_base: "dev_secret"
  api_key: "dev_key"

production:
  <<: *defaults
  secret_key_base: <%= ENV['SECRET_KEY_BASE'] %>
  api_key: <%= ENV['API_KEY'] %>

3. Use in your app:

Secvault.secrets.api_key
Secvault.secrets.app_name

Options

Secvault.start!(
  files: ['config/secrets.yml'],     # Files to load (later files override earlier ones)
  integrate_with_rails: false,       # Add Rails.application.secrets
  set_secret_key_base: true,         # Auto-set Rails.application.config.secret_key_base from secrets
  hot_reload: true,                  # Auto-reload in development
  logger: true                       # Log loading activity
)

Multiple files:

# Later files override earlier ones
Secvault.start!(files: ['secrets.yml', 'local.yml'])

Rails integration:

Secvault.start!(integrate_with_rails: true)
Rails.application.secrets.api_key  # Now available

Secret key base:

# If your secrets.yml has secret_key_base, it's automatically set
# This replaces the need for Rails.application.config.secret_key_base
Secvault.start!(set_secret_key_base: true)  # Default behavior

Advanced

ERB templating:

production:
  api_key: <%= ENV['API_KEY'] %>
  pool_size: <%= ENV.fetch('DB_POOL', '5').to_i %>

YAML anchors for sharing:

defaults: &defaults
  app_name: "MyApp"
  timeout: 30

development:
  <<: *defaults
  debug: true

production:
  <<: *defaults
  timeout: 10  # Override specific values

Development helpers:

reload_secrets!            # Reload files
Secvault.active?           # Check status

License

MIT