Rails 5.2 does not generate config / secrets.yml when creating a new app It seems that config / credentials.yml.enc is now generated instead.
If you are already operating with an older version of Rails in a production environment and want to upgrade to Rails 5.2 It seems that the mechanism of config / credentials.yml.enc is used instead of config / secrets.yml.
Up to Rails 5.2, there seems to be a way to use the conventional config / secrets.yml etc. I thought about upgrading Rails 6 and introduced config / credentials.yml.enc. I will post it as a memorandum.
Since credentials.yml.enc cannot be edited directly from the editor, create and edit by specifying the editor in the terminal.
$ EDITOR=vim bundle exec credentials:edit
By the way, if you set the following in .bash_profile etc., you do not need to specify EDITOR = "vim".
~/.bash_profile
$ echo 'export EDITOR="vim"' >> ~/.bash_profile
$ source ~/.bash_profile
$ bundle exec credentials:edit
Running the above command will generate config / credentials.yml.enc and config / master.key. Be sure to add config / master.key to .gitignore because it is not managed by git.
.gitignore
# Ignore master key for decrypting credentials and more.
/config/master.key
Modify the generated config / credentials.yml.enc as follows.
config/credentials.yml.enc
# aws:
# access_key_id: 123
# secret_access_key: 345
# Used as the base secret for all MessageVerifiers in Rails, including the one protecting cookies.
secret_key_base:
--This time, set only secret_key. AWS settings will remain as they are, so leave them commented out --If you enter aws access_key_id, secret_access_key, or other API key on the above screen, it will be encrypted and saved. --No problem if you enter directly without using environment variables --No single or double quotes required
Since credentials are used in the production environment, set the following variable to true in config / environments / production.rb.
config/environments/production.rb
config.require_master_key = true
It cannot be deployed unless master.key is placed in shared / config of the production environment. Transfer config / master.key to the production server with scp command etc.
$ scp -i ~/.ssh/example.pem config/master.key [email protected]:/var/www/AppName/shared/config/master.key
ex. /var/www/AppName/shared/config/master.key
Alternatively, set the RAILS_MASTER_KEY environment variable in the bash file of the production server. Capistrano is not loaded even if you write it in .bash_profile, so you need to write it in ~ / .bashrc. Export config / master.key as RAILS_MASTER_KEY. In other words, set the following in .bashrc.
~/.bashrc
export RAILS_MASTER_KEY='XXXXXXXXXXXXXXXXXXX'
Next, specify a symbolic link in the configuration file at the time of deployment with config / deploy.rb.
set :linked_files, fetch(:linked_files, []).push('config/master.key')
$ bundle exec cap production deploy
Recommended Posts