Module: Cloudflare::Email::Credentials

Defined in:
lib/cloudflare/email/credentials.rb

Overview

Unified credential lookup.

Precedence:

1. Rails.application.credentials.dig(:cloudflare, key) — encrypted credentials.yml.enc
   (respects per-environment files: config/credentials/{env}.yml.enc when present)
2. ENV["CLOUDFLARE_#{KEY}"] — env vars, including anything dotenv or foreman loaded from .env

Supported keys:

account_id       — Cloudflare account ID
api_token        — runtime token used by the delivery method (needs Email Sending: Send)
management_token — higher-privilege token used by deploy/provision rake tasks
                   (needs Workers Scripts: Edit, Zone: Read, Email Routing: Edit).
                   Falls back to api_token if not set.
ingress_secret   — HMAC shared secret between Worker and Rails ingress

Class Method Details

.account_id ⇒ Object



# File 'lib/cloudflare/email/credentials.rb', line 19

def account_id
  fetch(:account_id)
end

.api_token ⇒ Object



# File 'lib/cloudflare/email/credentials.rb', line 23

def api_token
  fetch(:api_token)
end

.fetch(key) ⇒ Object



# File 'lib/cloudflare/email/credentials.rb', line 44

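def fetch(key)
  # Rails encrypted credentials take precedence over the environment.
  from_rails = rails_credentials_dig(key)
  return from_rails unless from_rails.empty?
  # Fall back to ENV; an unset key yields "" (never nil, never an exception).
  ENV["CLOUDFLARE_#{key.to_s.upcase}"].to_s
end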

.ingress_secret ⇒ Object



# File 'lib/cloudflare/email/credentials.rb', line 35

def ingress_secret
  fetch(:ingress_secret)
end

.management_token ⇒ Object

Used by the deploy_worker, provision_route, and dev tasks. Returns the dedicated higher-privilege token if the user has split the tokens; otherwise reuses api_token (most single-token setups).



# File 'lib/cloudflare/email/credentials.rb', line 30

def management_token
  token = fetch(:management_token)
  token.empty? ? api_token : token
end

.rails_credentials_dig(key) ⇒ Object



# File 'lib/cloudflare/email/credentials.rb', line 50

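def rails_credentials_dig(key)
  # Outside a booted Rails app there are no encrypted credentials to read.
  return "" unless defined?(Rails) && Rails.respond_to?(:application) && Rails.application
  Rails.application.credentials.dig(:cloudflare, key).to_s
rescue StandardError
  # Any error while reading credentials is treated as "not set", so fetch falls through to ENV.
  ""
end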

.split_tokens? ⇒ Boolean

True if the user has set a separate management token.

Returns:

  • (Boolean)


# File 'lib/cloudflare/email/credentials.rb', line 40

def split_tokens?
  !fetch(:management_token).empty?
end
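
The precedence and fallback rules documented on this page have operational consequences: a value in Rails credentials shadows a rotated env var, an unset key resolves to an empty string, and a missing management_token reuses api_token. The following added example (not code from the gem; the CredentialAudit module and its plain-Hash inputs are hypothetical stand-ins for Rails credentials and ENV) reports those conditions without echoing any secret value:

```ruby
# Added example, not part of the gem. Inputs are plain Hashes standing in for
# Rails.application.credentials[:cloudflare] and ENV (both assumptions).
module CredentialAudit
  KEYS = %i[account_id api_token management_token ingress_secret].freeze
  REQUIRED = %i[account_id api_token ingress_secret].freeze

  def self.env_name(key)
    "CLOUDFLARE_#{key.to_s.upcase}"
  end

  # Mirrors the documented precedence; returns [value, source].
  def self.resolve(key, rails_creds, env)
    from_rails = rails_creds[key].to_s
    return [from_rails, :rails_credentials] unless from_rails.empty?
    from_env = env[env_name(key)].to_s
    from_env.empty? ? ["", :missing] : [from_env, :env]
  end

  # Reports where each key resolves from, plus findings. Never echoes secret values.
  def self.audit(rails_creds, env)
    resolved = KEYS.to_h { |k| [k, resolve(k, rails_creds, env)] }
    findings = []
    REQUIRED.each do |k|
      findings << "#{k}: unset, lookup yields an empty string" if resolved[k][1] == :missing
    end
    if resolved[:management_token][1] == :missing && resolved[:api_token][1] != :missing
      findings << "management_token: unset, rake tasks will reuse api_token"
    end
    KEYS.each do |k|
      value, source = resolved[k]
      in_env = env[env_name(k)].to_s
      if source == :rails_credentials && !in_env.empty? && in_env != value
        findings << "#{k}: #{env_name(k)} is set but shadowed by Rails credentials"
      end
    end
    { sources: resolved.transform_values(&:last), findings: findings }
  end
end

# Constructed sample: token rotated in the environment only, no ingress secret.
SAMPLE_RAILS = { account_id: "acct-constructed", api_token: "old-token-constructed" }.freeze
SAMPLE_ENV = { "CLOUDFLARE_API_TOKEN" => "new-token-constructed" }.freeze

if __FILE__ == $PROGRAM_NAME
  report = CredentialAudit.audit(SAMPLE_RAILS, SAMPLE_ENV)
  report[:sources].each { |key, source| puts "#{key}: #{source}" }
  report[:findings].each { |finding| puts "FINDING #{finding}" }
end
```

An empty ingress_secret is the finding to act on first: code that computes or checks an HMAC with it should refuse to run rather than proceed with an empty key.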