Production environment and credentials.yml.enc

# What I want to convey in this article

**Check carefully** before handling confidential information in your production environment with credentials. Absolutely no copy-pasting.

# Basic knowledge about encryption and decryption

**~ Development environment ~**

When you run `$ rails new`, config/master.key and config/credentials.yml.enc seem to be created.


 Then use this master.key to encrypt and decrypt.
 (Keep the master.key in a safe place)

Execute the following command to edit the confidential information.

```
$ rails credentials:edit # If master.key does not exist, running this creates a new one.
```



**~ Production environment ~**
You will also need secret_key_base for encryption and decryption.
Create it locally by running the `$ rails secret` command.
Place the local master.key on the server in advance.

# Be careful in the production environment
I mentioned earlier that master.key is used to encrypt and decrypt credentials.yml.enc. This master.key is listed in .gitignore by default, so it is not managed by Git.

This is the important part.
Of course, even if I clone the Git repository on EC2, this master.key does not come to the server.
If I forget about that and execute the `$ rails credentials:edit` command to add the secret information of the production environment, a new master.key is generated because there is none on the server.

 At this point, the local master.key and the server master.key are different and credentials.yml.enc cannot be decrypted. Oh, it's hard.

```
Couldn't decrypt config/credentials.yml.enc. Perhaps you passed the wrong key?
```

You get an error like this, or

```
ActiveSupport::MessageEncryptor::InvalidMessage
```

an error like this.
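The mismatch described above can be detected on the server before anyone runs `rails credentials:edit`. The following Ruby code is an added example, not code from Rails or from the original article; it assumes the AES-128-GCM, Base64 `ciphertext--iv--auth_tag` layout that Rails uses for credentials.yml.enc, and `key_matches?`, `credentials_state`, `sample_encrypt` and `demo` are hypothetical names working on a sample file constructed inline.

```ruby
require "openssl"
require "base64"
require "securerandom"
require "tmpdir"

# True only if hex_key authenticates the file contents (AES-128-GCM,
# Base64 ciphertext--iv--auth_tag). Only the GCM tag is checked; nothing is parsed.
def key_matches?(encrypted, hex_key)
  data, iv, tag = encrypted.strip.split("--").map { |part| Base64.strict_decode64(part) }
  return false if tag.nil? # fewer than three fields: not a credentials file
  cipher = OpenSSL::Cipher.new("aes-128-gcm").decrypt
  cipher.key = [hex_key].pack("H*") # wrong length raises ArgumentError
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = ""
  cipher.update(data) + cipher.final # raises CipherError when the key is wrong
  true
rescue OpenSSL::Cipher::CipherError, ArgumentError
  false
end

# Hypothetical helper: run on the server before `rails credentials:edit`.
def credentials_state(enc_path, key_path)
  return :key_missing unless File.exist?(key_path) # edit would generate a new key
  key_matches?(File.read(enc_path), File.read(key_path).strip) ? :ok : :key_mismatch
end

# Constructed sample data only: encrypts text in the same layout.
def sample_encrypt(plaintext, hex_key)
  cipher = OpenSSL::Cipher.new("aes-128-gcm").encrypt
  cipher.key = [hex_key].pack("H*")
  iv = cipher.random_iv
  cipher.auth_data = ""
  data = cipher.update(plaintext) + cipher.final
  [data, iv, cipher.auth_tag].map { |v| Base64.strict_encode64(v) }.join("--")
end

def demo
  Dir.mktmpdir do |dir|
    enc, key = File.join(dir, "credentials.yml.enc"), File.join(dir, "master.key")
    local_key = SecureRandom.hex(16) # stands in for the developer's local master.key
    File.write(enc, sample_encrypt("constructed: value\n", local_key))
    # Server key: never copied, regenerated on the server, then the local one.
    [nil, SecureRandom.hex(16), local_key].map do |server_key|
      File.write(key, server_key) if server_key
      credentials_state(enc, key)
    end
  end
end
puts demo.inspect if $PROGRAM_NAME == __FILE__
```

Only `:ok` means it is safe to edit; on `:key_missing` or `:key_mismatch`, copy the local key to the server first.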

## I want to decrypt the credentials again
 All you have to do is put the local master.key on the server.


If you lose master.key, delete config/credentials.yml.enc and then run the following command; it seems to generate a new one.
However, please note that all the contents of credentials will be lost.

```
$ sudo EDITOR=vim rails credentials:edit
```


# Rails 6 or later and credentials.yml.enc
From Rails 6 onwards, confidential information can be separated for each environment. (Hooray!)

When you want to add information in the production environment, execute the following command.
Change the value after `--environment` to match the environment.

```
$ rails credentials:edit --environment production
```


This command creates config/credentials/production.yml.enc and config/credentials/production.key. The corresponding environment is reflected in the file name and the key name respectively.
You only need to give production.key to the server.

 Even in this case, be careful when handling master.key and secret_key_base.









