Rails Credentials - TodoLegal/TodoLegal GitHub Wiki
Taken from: https://medium.com/@wintermeyer/goodbye-secrets-welcome-credentials-f4709d9f4698
Once you installed Rails 5.2 each of your new Rails projects has an already good to go setup for using credentials. No more generating keys manually. The important master key is automatically generated and stored in the file config/master.key
which can be shared with other developers in the team but which should never be checked into the Git repository. The default .gitignore
has been updated accordingly:
Ignore master key for decrypting credentials and more.
/config/master.key
Editing Credentials
All credentials are stored encrypted in the file config/credentials.yml.enc
. Obviously you can not edit the file directly. You have to use the command rails credentials:edit
to edit them. For that to work you have to set the shell environment variable EDITOR
first. Or you can do both with this one liner in your Bash shell:
$ EDITOR=nano rails credentials:edit
Now you can edit your credentials in yaml
format. In this example I add a credential with the name foobar and the value test:
# aws:
# access_key_id: 123
# secret_access_key: 345# Used as the base secret for all MessageVerifiers in Rails, including the one protecting cookies.
secret_key_base: 9846dad34a3168…68d634f
foobar: test
Accessing Credentials
You can access a credential anywhere in your application with AppName::Application.credentials.name_of_the_credential
. An example from within the console:
$ rails console
Running via Spring preloader in process 19662
Loading production environment (Rails 5.2.0)
>> Shop::Application.credentials.foobar
=> “test”
>> exit
If you like this post I’d like to ask you for a favour:
Create an account at my open-source business network https://www.vutuv.de
Thank you and see you there!
Server
To use the credentials in production you have to copy the config/master.key
file to your production environment or setting it up with an environment variable.