Class: RuboCop::Cop::Neeto::DirectEnvAccess

Inherits:
Base
  • Object
Defined in:
lib/rubocop/cop/neeto/direct_env_access.rb

Overview

Rails had `secrets.yml`, which provided a single source of truth for all environment variables and their fallback values. Rails deprecated this in favor of encrypted credentials, so we created Secvault (github.com/neetozone/secvault) to maintain centralized configuration. Direct usage of `ENV` bypasses this system, making it harder to track what environment variables are being used and their defaults. This cop enforces that all environment variable access goes through `Secvault.secrets`.

Examples:

DirectEnvAccess: true (default)

# Enforces the usage of `Secvault.secrets` over direct `ENV` access.

# bad
api_key = ENV['STRIPE_API_KEY']

# bad
default_timezone = ENV['DEFAULT_TIMEZONE'] || 'UTC'

# good
api_key = Secvault.secrets.stripe_api_key

# good
default_timezone = Secvault.secrets.default_timezone

# good (ENV access is permitted in directories other than the app directory)
config.log_level = ENV.fetch('LOG_LEVEL', 'info')

Constant Summary

MSG =
"Do not use ENV directly. " \
"Use Secvault.secrets to maintain a single source of truth for configuration."

Instance Method Summary

Instance Method Details

#on_const(node) ⇒ Object



# File 'lib/rubocop/cop/neeto/direct_env_access.rb', line 40

def on_const(node)
  return unless env_access?(node)

  add_offense(node)
end
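
The following is an added example, not the cop's own code: a stand-alone sketch of the kind of constant-node check `on_const` implies, built on Ruby's stdlib Ripper instead of RuboCop's parser so it runs without the gem. The helper names, the sample source, the rule that only paths starting with `app/` are checked, and the decision to ignore namespaced constants such as `Foo::ENV` are assumptions; the page does not show `env_access?`.

```ruby
require "ripper"

# Constructed sample input (not from the neeto code base).
SAMPLE = <<~'RUBY'
  # ENV['IN_A_COMMENT'] is only a comment
  api_key = ENV['STRIPE_API_KEY']
  default_timezone = ENV['DEFAULT_TIMEZONE'] || 'UTC'
  level = ::ENV.fetch('LOG_LEVEL', 'info')
  hint = "set ENV['FOO'] first"
  api_key = Secvault.secrets.stripe_api_key
RUBY

# Assumption: "the app directory" means a path whose first segment is app/.
def app_path?(path)
  path.delete_prefix("./").split("/").first == "app"
end

# True for a bare `ENV` or `::ENV` constant node in Ripper's s-expression.
# Assumption: a namespaced constant such as Foo::ENV is a different constant.
def env_const?(node)
  %i[var_ref top_const_ref].include?(node[0]) &&
    node[1].is_a?(Array) && node[1][0] == :@const && node[1][1] == "ENV"
end

# Depth-first walk collecting the [line, column] of every ENV reference.
def collect_env_refs(node, hits = [])
  return hits unless node.is_a?(Array)

  hits << node[1][2] if env_const?(node)
  node.each { |child| collect_env_refs(child, hits) }
  hits
end

# Returns sorted [line, column] pairs, or [] outside app/ or on a syntax error.
def direct_env_offenses(path, source)
  return [] unless app_path?(path)

  collect_env_refs(Ripper.sexp(source)).sort
end

if __FILE__ == $PROGRAM_NAME
  direct_env_offenses("app/services/billing.rb", SAMPLE).each do |line, col|
    puts "app/services/billing.rb:#{line}:#{col}: Do not use ENV directly."
  end
end
```

Matching on the syntax tree rather than on text is what keeps the comment on line 1 and the string literal on line 5 of the sample from being reported, while `ENV[...]`, `ENV[...] || default` and `::ENV.fetch` are all caught.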