namespace :secrets do desc "Decrypt your secrets rake secrets:decrypt" task :decrypt do puts "Decrypting your files, sir" %w(config/application.yml config/database.yml).each do |p| sh("aws kms decrypt --ciphertext-blob fileb://#{p}.enc --output text --query Plaintext | base64 --decode > #{p}") if File.file?(p) end end desc "Encrypt your secrets rake secrets:encrypt" task :encrypt do puts "Encrypting your files, sir" %w(config/application.yml config/database.yml).each do |p| sh("aws kms encrypt --key-id arn:aws:kms:us-west-2:155751353262:alias/properties --plaintext fileb://#{p} --output text --query CiphertextBlob | base64 --decode > #{p}.enc") if File.file?(p) end end end