How to configure the “dotenv gem” in the rails 7 application for the set environment variable.
Add the below line in the Gemfile
gem 'dotenv-rails', require: 'dotenv/rails-now', groups: [:development]
Run bundle install
Add the below code just below this line Bundler.require(*Rails.groups) in the application.rb
# Load dotenv only in development or test environment
if ['development', 'test'].include? ENV['RAILS_ENV']
Dotenv::Railtie.load
end
Create one file in the app folder with .env name
Add your credentials in this .env file like below
DB_USERNAME: username
DB_PASSWORD: password
Use this env variable in the appropriate place like below.
in the database.yml
default: &default
adapter: postgresql
encoding: unicode
pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
host: localhost
username: <%= ENV['DB_USERNAME'] %>
password: <%= ENV['DB_PASSWORD'] %>
Now your ENV variable setup is done. you can check it from the rails console like below.
rails c
> ENV["DB_USERNAME"]
> username
>ENV["DB_PASSWORD"]
> password
Related
I recently switched db's from sqlite3 to PG. My username and password for pg were hard-coded, and although it was working, this was not safe practice. SO I stored my password in an ENV variable in a .yml file, and I reference that variable in my database.yml file, but when I run the server, it gives me the error "PG::ConnectionBad
fe_sendauth: no password supplied"
the following is my pg_keys.yml file
PG_PASSWORD: "***********"
And the following is my database.yml file:
default: &default
adapter: postgresql
encoding: unicode
pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
timeout: 5000
development:
<<: *default
database: stockapp_development
username: postgres
password: <%= ENV['PG_PASSWORD'] %>
host: localhost
# Warning: The database defined as "test" will be erased and
# re-generated from your development database when you run "rake".
# Do not set this db to the same as development or production.
test:
<<: *default
database: stockapp_test
host: localhost
username: postgres
password: <%= ENV['PG_PASSWORD'] %>
production:
<<: *default
database: stockapp_production
username: stockapp
password: <%= ENV['STOCKAPP_DATABASE_PASSWORD'] %>
Why is it saying that no password is supplied? Does my database.yml not see the password in the other file? Do I need to export the password?
It is because ENV variables come from https://github.com/bkeepers/dotenv.
Install this gem by adding it to your Gemfile, then run bundle and set the variable PG_PASSWORD=*********** in .env in your root. Then it should work fine.
I've been trying to debug my credentials file in my staging server. Whenever I try to edit the credentials on my staging server, I get the following error:
/var/www/bundle/ruby/2.5.0/gems/railties-5.2.0/lib/rails/application.rb:583:in `validate_secret_key_base': `secret_key_base` for staging environment must be a type of String`
My database.yml file looks like the following:
---
default: &default
adapter: postgresql
development:
<<: *default
database: dev_db
host: <%= Rails.application.credentials.database.fetch(:development).fetch(:host) %>
username: <%= Rails.application.credentials.database.fetch(:development).fetch(:username) %>
password: <%= Rails.application.credentials.database.fetch(:development).fetch(:password) %>
secret_key_base: <%= Rails.application.credentials.secret_key_base.fetch(:development) %>
test:
<<: *default
database: test_db
host: <%= Rails.application.credentials.database.fetch(:development).fetch(:host) %>
username: <%= Rails.application.credentials.database.fetch(:development).fetch(:username) %>
password: <%= Rails.application.credentials.database.fetch(:development).fetch(:password) %>
secret_key_base: <%= Rails.application.credentials.secret_key_base.fetch(:development) %>
staging:
<<: *default
database: <%= Rails.application.credentials.database.fetch(:staging).fetch(:name) %>
host: <%= Rails.application.credentials.database.fetch(:staging).fetch(:host) %>
username: <%= Rails.application.credentials.database.fetch(:staging).fetch(:username) %>
password: <%= Rails.application.credentials.database.fetch(:staging).fetch(:password) %>
secret_key_base: <%= Rails.application.credentials.secret_key_base.fetch(:staging) %>
production:
<<: *default
database: <%= Rails.application.credentials.database.fetch(:production).fetch(:name) %>
host: <%= Rails.application.credentials.database.fetch(:production).fetch(:host) %>
username: <%= Rails.application.credentials.database.fetch(:production).fetch(:username) %>
password: <%= Rails.application.credentials.database.fetch(:production).fetch(:password) %>
secret_key_base: <%= Rails.application.credentials.secret_key_base.fetch(:production) %>
I think my staging's secret_key_base is of type String. I generated my secret_key_base using rails secret. Locally, when I bring up the rails console, I can view the secret_key_bases for my staging environment:
[1] pry(main)> Rails.application.credentials.secret_key_base.fetch(:staging)
\=> "generated_using_rails_secret"
It returns a string but I still get the error message above whenever I try to access credentials in my staging environment.
I ended up looking at the stack trace and digging into the railties-5.2.0 gem.
Abbreviated stack trace:
ArgumentError: `secret_key_base` for staging environment must be a type of String`
/var/www/bundle/ruby/2.5.0/gems/railties-5.2.0/lib/rails/application.rb:583:in `validate_secret_key_base'
/var/www/bundle/ruby/2.5.0/gems/railties-5.2.0/lib/rails/application.rb:432:in `secret_key_base'
/var/www/bundle/ruby/2.5.0/gems/railties-5.2.0/lib/rails/application.rb:176:in `key_generator'
/var/www/bundle/ruby/2.5.0/gems/railties-5.2.0/lib/rails/application.rb:205:in `message_verifier'
I ended up looking in railties-5.2.0/lib/rails/application.rb:432: and seeing the following bit of code:
# The secret_key_base is used as the input secret to the application's key generator, which in turn
# is used to create all MessageVerifiers/MessageEncryptors, including the ones that sign and encrypt cookies.
#
# In test and development, this is simply derived as a MD5 hash of the application's name.
#
# In all other environments, we look for it first in ENV["SECRET_KEY_BASE"],
# then credentials.secret_key_base, and finally secrets.secret_key_base. For most applications,
# the correct place to store it is in the encrypted credentials file.
def secret_key_base
if Rails.env.test? || Rails.env.development?
Digest::MD5.hexdigest self.class.name
else
validate_secret_key_base(
ENV["SECRET_KEY_BASE"] || credentials.secret_key_base || secrets.secret_key_base
)
end
end
I had mistakenly thought I could specify a SECRET_KEY_BASE for an individual environment. Instead, I could only specify one secret key base. The secret key base apparently has nothing to do with database.yml. I need to read up on it and what it actually does.
If you run rails credentials:edit from the command line it will decrypt the config/credentials.yml.enc file.
You can then edit this file to add environment based secret keys like you would have previously added to config/secrets.yml.
When you save this file it will be encrypted again with the new information included.
There is no reason to have the "secret_key_base" in your database.yml file as this will not have any impact.
Nice Article on the new Rails credentials
Additionally just because rails now longer generates a config/secrets.yml file for you, as of rails 5.2, adding one will still work appropriately as it has in previous releases.
In short:
seems that rake does not have access to Rails.application.secrets in config/database.yml file
what is the purpose of config/secrets.yml then?
In long:
When I run
RAILS_ENV=production rake db:migrate
I get the error Mysql2::Error: Access denied for user 'root'#'localhost' (using password: NO), though I specified appropriate values in config/database.yml and the user connecting should not be 'root'. This is an excerpt from respective config files:
# config/database.yml
production:
<<: *default
adapter: mysql2
host: localhost
database: <%= Rails.application.secrets[:database][:name] %>
username: <%= Rails.application.secrets[:database][:username] %>
password: <%= Rails.application.secrets[:database][:password] %>
# config/secrets.yml
production:
secret_key_base: very-long-blah-blah-blah
database:
name: app_db_name
username: app_db_user
password: app_db_password
Seems that rake has no access to Rails.application.secrets. Running migration succeeds when I explicitly put necessary values in database.yml, for example, as follows:
production:
<<: *default
adapter: mysql2
host: localhost
database: <%= Rails.application.secrets[:database][:name] || 'app_db_name' %>
username: <%= Rails.application.secrets[:database][:username] || 'app_db_user' %>
password: <%= Rails.application.secrets[:database][:password] || 'app_db_password' %>
The above proves that Rails.application.secrets[:database][:name] resolves to nothing.
How to have access to Rails.application.secrets in rake? Would this be the correct solution?
I know that I can use ENV[VARNAME] to fill in secret sections of config/database.yml. But what the the purpose of config/secrets.yml file then?
Moreover, I am using Passenger, which means that variables in .bashrc will probably not be accessible to the web server (I had this issue with secret_key_base). Therefore I try to avoid using environment variable. Just do not want to have all my secrets spilled all over the server.
rails-4.2.2, Ubuntu LTS 14.04
I haven't seen such nested content for the secrets.yml like you have, also the release notes doesn't have such kind. You should be just fine with the below code
# config/secrets.yml
production:
secret_key_base: very-long-blah-blah-blah
name: app_db_name
username: app_db_user
password: app_db_password
And in the database.yml
# config/database.yml
production:
<<: *default
adapter: mysql2
host: localhost
database: <%= Rails.application.secrets.name %>
username: <%= Rails.application.secrets.username %>
password: <%= Rails.application.secrets.password %>
I am using rails with figaro for configuration, database user with the name test.
I have a DATABASE_URL in application.yml
DATABASE_URL: "postgresql://localhost/database_name?user=test"
When I run a
rake db:migrate
I get the following error
PG::ConnectionBad: fe_sendauth: no password supplied
Check config/database.yml to ensure your password is wired up for postgresql adapter.
it should look something like this:
default:
adapter: postgresql
database: foo
user: bar
password: <%= ENV['pg_password'] %>
pg_password should be defined in your figaro config, where it becomes accessible as an environment variable.
I just want to emphasize you call the Figaro ENV variables in your .yml using the ERB Syntax :
username: <%= ENV["PG_USERNAME"] %>
password: <%= ENV["PG_PASSWORD"] %>
Hope this helps...!
I currently have a rails project which I deploy to a production server which uses a postgres database. I develop my rails project in Windows, which means that if I want to test locally, I have to change all of the databases in my database.yml file from postgres over to sqlite3 (because setting up Windows to run a postgres server appears to be a pain).
What I would like to be able to do is format my database.yml something like this:
development:
adapter: postgresql
encoding: utf8
database: <%= begin IO.read("/home/www-data/.db/.dev_name") rescue "" end %>
pool: 5
username: <%= begin IO.read("/home/www-data/.db/.user") rescue "" end %>
password: <%= begin IO.read("/home/www-data/.db/.pass") rescue "" end %>
# Warning: The database defined as "test" will be erased and
# re-generated from your development database when you run "rake".
# Do not set this db to the same as development or production.
test:
adapter: sqlite3
database: db/test.sqlite3
pool: 5
timeout: 5000
production:
adapter: postgresql
encoding: utf8
database: <%= begin IO.read("/home/www-data/.db/.prod_name") rescue "" end %>
pool: 5
username: <%= begin IO.read("/home/www-data/.db/.user") rescue "" end %>
password: <%= begin IO.read("/home/www-data/.db/.pass") rescue "" end %>
That way I can run rails s -e test locally and test with an sqlite3 database, but when I deploy to my development and production servers I can use postgres.
The problem I am having is that, with the changes to my database.yml shown above, when I run rails s -e test locally I get an error saying that rails could not find the pg gem which seems to imply that it is still trying to use either the development or the production server.
With all the warnings acknowledged, the answer to the question would be to use group in your Gemfile like
gem 'pg', group: [:development, :production]
gem 'sqlite3', group: :test