In versions of Rails older than 5.2, we placed all our credentials inside
config/secrets.yml. But Rails 5.2 and upcoming versions replaced the current
Before Using Rails Credentials
- Add a key inside config/credentials/production.key before using Rails credentials
- Save the key that you added inside the file
We can use more files based on the environment:
config/credentials/production.key
config/credentials/staging.key
config/credentials/development.key
This is the key used to encrypt the credentials, so if we lose this key then we can’t decrypt our file to edit or use the credentials inside our
- The credentials are encrypted and saved in the file config/credentials/production.yml.enc, so to add your credentials to it we should run this command in the terminal
$ EDITOR="nano" rails credentials:edit
- If you’re using different credentials based on the environment, you should pass the environment name when running the command
- Add your credentials inside the file
To add credentials using other editors you can simply change the name
$ EDITOR="subl --wait" rails credentials:edit
$ EDITOR="subl --wait" rails credentials:edit --environment production
$ EDITOR="subl --wait" rails credentials:edit --environment staging
$ EDITOR="subl --wait" rails credentials:edit --environment development
aws:
  access_key_id: 123
  secret_access_key: 345
secret_key_base: 84fd6106329678ce7c098f66b7770463f7de50658339f221f8a662d64557295e7b6977c32cba10a00a573868799d9adb04f6e783acc31ef56704161572d9ee3b
When you save the file and exit your editor, you should be prompted in the terminal with the following message:
File encrypted and saved.
- The key-value pair we added to the credentials file is available for us to use in our application through the
- To check if our addition has been encrypted properly, let’s open up the rails console and try to access (decrypt) the value.
- We can call Rails credentials inside the project in various ways, e.g.
$ rails c
Loading development environment (Rails 5.2.0.rc1)
pry(main)> Rails.application.credentials.aws[:access_key_id]
=> 123
Rails.application.credentials.aws[:access_key_id]
Rails.application.credentials.dig(:aws, :access_key_id)
Rails.application.credentials.dig(:secret_key_base)
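How the key and the encrypted file relate, as an added example (not code from the original post or from Rails itself): a stand-alone Ruby model of the AES-128-GCM, data--iv--auth_tag layout that Rails uses for its .yml.enc files, showing that only the correct 32-hex-character key decrypts the file. The function names and the sample YAML are constructed for illustration.

```ruby
require "openssl"

CIPHER = "aes-128-gcm" # 16-byte key, written as 32 hex characters in the *.key file

# Hypothetical helper: a fresh key in the same shape as a *.key file's contents.
def generate_key
  OpenSSL::Cipher.new(CIPHER).random_key.unpack1("H*")
end

# Hypothetical helper: build a cipher, rejecting keys that are not 32 hex characters.
def cipher_for(mode, key_hex)
  raise ArgumentError, "key must be 32 hex characters" unless key_hex.match?(/\A\h{32}\z/)
  cipher = OpenSSL::Cipher.new(CIPHER)
  mode == :encrypt ? cipher.encrypt : cipher.decrypt
  cipher.key = [key_hex].pack("H*")
  cipher
end

# Encrypt plaintext YAML into "data--iv--auth_tag", each part strict Base64.
def encrypt_credentials(yaml, key_hex)
  cipher = cipher_for(:encrypt, key_hex)
  iv = cipher.random_iv
  cipher.auth_data = ""
  data = cipher.update(Marshal.dump(yaml)) + cipher.final
  [data, iv, cipher.auth_tag].map { |part| [part].pack("m0") }.join("--")
end

# Return the plaintext, or nil when the key is wrong or the file was altered.
def decrypt_credentials(blob, key_hex)
  data, iv, tag = blob.split("--").map { |part| part.unpack1("m0") }
  cipher = cipher_for(:decrypt, key_hex)
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = ""
  # cipher.final verifies the GCM tag and raises before Marshal.load sees any data.
  Marshal.load(cipher.update(data) + cipher.final)
rescue OpenSSL::Cipher::CipherError
  nil
end

if __FILE__ == $PROGRAM_NAME
  yaml = "aws:\n  access_key_id: 123\n  secret_access_key: 345\n" # constructed sample
  key = generate_key
  blob = encrypt_credentials(yaml, key)
  puts "correct key: #{decrypt_credentials(blob, key).inspect}"
  puts "other key:   #{decrypt_credentials(blob, generate_key).inspect}"
end
```

Because the GCM tag is checked on decryption, a wrong key and a modified file both fail in the same way rather than yielding garbage credentials.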
Adding The Master Key On Cloud66
We can add our master key to Cloud66 as an environment variable.
- Click on Configuration on the right side of the Cloud66 dashboard.
- Under the Environment Variables tab, you can find + Add new variable; click on this to add your custom environment variables
- Enter your master key name and its value. Example,
- Place this master key inside your config/credentials/production.yml file to encrypt and decrypt credentials.
Key = RAILS_MASTER_KEY
Value = f322f4eab45b202e2123e160eeffser1
Note: The file will decrypt and open automatically for editing when we run the command
EDITOR="subl --wait" rails credentials:edit --environment production
if the key present inside the file config/credentials/production.yml was the correct one which is used before the generation of