Ensure .env file is only accessible to user

2023-02-11 12:56:57 +01:00
parent 0f4e1888d9
commit 63a065237a
1 changed files with 6 additions and 2 deletions
--- a/lib/mrsk/cli/main.rb
+++ b/lib/mrsk/cli/main.rb
@@ -107,10 +107,14 @@ class Mrsk::Cli::Main < Mrsk::Cli::Base
  desc "envify", "Create .env by evaluating .env.erb (or .env.staging.erb -> .env.staging when using -d staging)"
  def envify
    if destination = options[:destination]
-      File.write(".env.#{destination}", ERB.new(IO.read(Pathname.new(File.expand_path(".env.#{destination}.erb")))).result)
+      env_template_path = ".env.#{destination}.erb"
+      env_path          = ".env.#{destination}"
    else
-      File.write(".env", ERB.new(IO.read(Pathname.new(File.expand_path(".env.erb")))).result)
+      env_template_path = ".env.erb"
+      env_path          = ".env"
    end
+
+    File.open(env_path, "w+", 0600) { |env_file| env_file.write ERB.new(Pathname.new(env_template_path).read).result }
  end

  desc "remove", "Remove Traefik, app, and registry session from servers"