From 943909140cd0cf6fb9fd979e52b432e807d250fb Mon Sep 17 00:00:00 2001
From: Joe Rafaniello <jrafanie@gmail.com>
Date: Tue, 12 Nov 2024 16:14:22 -0500
Subject: [PATCH] Add gitignores for rails credentials

We're switching to rails credentials to keep current with rails 7.1 and the future.
Note, we're assuming we won't want to commit and share encrypted credentials. If we want
to share them, such as for recording cassettes, the comments describe how to switch to only
ignoring the plain text encryption key files.

Followup to:  https://github.com/ManageIQ/manageiq/pull/23254
Required for: https://github.com/ManageIQ/manageiq-providers-autosde/pull/253
---
 .gitignore | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 9157f0f64922..94905f9c534c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,7 +24,6 @@
 BUILD
 ca/root
 certs/v2_key
-config/secrets.yml*
 coverage/
 Gemfile.lock*
 !Gemfile.lock.release
@@ -46,6 +45,23 @@ config/database.yml*
 config/messaging.yml
 config/vmdb.yml.db
 
+# See: rails credentials:edit --help for more information
+# Rails credentials follow the following pattern:
+# If ENV['RAILS_MASTER_KEY'] isn't specified:
+# Global is used:
+#   * config/master.key (plain text encryption key)
+#   * config/credentials.yml.enc (encrypted credentials file)
+# If --environment test, the overrides for that environment is used:
+#   * config/credentials/test.key
+#   * test.yml.enc
+# If we want to commit and share encrypted credentials, we can change the two lines below to:
+#   config/*.key
+#   config/credentials/*.key
+config/credentials*
+config/master.key
+
+# For legacy rails secrets
+config/secrets.yml*
 config/initializers/*.local.rb
 
 config/settings.local.yml