Class: RuboCop::Cop::Neeto::DirectEnvAccess

Inherits:

Base

• Object
• Base
• RuboCop::Cop::Neeto::DirectEnvAccess

Defined in:

lib/rubocop/cop/neeto/direct_env_access.rb

Overview

‘config/secrets.yml` provides a single source of truth for all environment variables and their fallback values, loaded via Rails’ built-in ‘config_for`. Direct usage of `ENV` bypasses this system, making it harder to track what environment variables are being used and their defaults. This cop enforces that all environment variable access goes through `Rails.application.secrets`.

Examples:

DirectEnvAccess: true (default)

# Enforces the usage of `Rails.application.secrets` over direct `ENV` access.

# bad
api_key = ENV['STRIPE_API_KEY']

# bad
default_timezone = ENV['DEFAULT_TIMEZONE'] || 'UTC'

# good
api_key = Rails.application.secrets.stripe_api_key

# good
default_timezone = Rails.application.secrets.default_timezone

# good (ENV access is permitted in directories other than the app directory)
config.log_level = ENV.fetch('LOG_LEVEL', 'info')

Constant Summary

MSG =

"Do not use ENV directly. " \
"Use Rails.application.secrets to maintain a single source of truth for configuration."

Instance Method Summary

• #on_const(node) ⇒ Object

Instance Method Details

#on_const(node) ⇒ Object

# File 'lib/rubocop/cop/neeto/direct_env_access.rb', line 39

def on_const(node)
  return unless env_access?(node)

  add_offense(node)
end