We're running Rails v6.1.4 and the encrypted credentials constantly break and we can't figure out why...
We have four sets of credentials for various environments:
config/
credentials/
development.key
development.yml.enc
...
The *.key files are all .gitignoreed. The *.yml.enc are tracked.
There are two developers working on the project. We occasionally update credentials using this command: rails credentials:edit --environment [ENVIRONMENT]
We never edit the .key files
But almost every week one of us starts getting...
Couldn't decrypt config/credentials/development.yml.enc. Perhaps you passed the wrong key?
...when we try to edit a credentials file.
WHY? What could we doing to cause this? It's incredibly frustrating and I'm ready to give up on this feature because it's wasting so much time.
Probably you're not noticing when you introduce merge conflicts into the encrypted file.
Related
I am on rails 5.1. I had a project i worked on for a while, and then got a new computer. I know what my rails master key is as it is still on heroku. I cloned the app off github and cannot launch it. I continue getting this error
Missing encryption key to decrypt secrets with. Ask your team for your master key and put it in ENV["RAILS_MASTER_KEY"]
When I go into production.rb and change
config.read_encrypted_secrets = true
to
config.read_encrypted_secrets = false
and then try running the app, i still get the same error which makes no sense at all.
So then I tried to edit the secrets file that I have. I assumed that the master key is not in there. I went
`EDITOR="sublime" bin/rails secrets:edit`
and still get
`Missing encryption key to decrypt secrets with. Ask your team for your master key and put it in ENV["RAILS_MASTER_KEY"]`
Ultimately I just don't know what to do. All I want to do is work on this app, and I can't even get it started. Does anyone have any advice on where to go here? I definitely am missing something here.
I'm working on a Rails application and I am attempting to organize my secret_key_base and related important secrets (Think API keys, database credentials, etc.)
I am trying to find a way to setup something like the following, under /config
/config
credentials.yml.enc
master.key
/config/credentials
development.yml.enc
development.key
production.yml.enc
production.key
test.yml.enc
test.key
First Question:
Is it that secret_key_base exists in /config/credentials.yml.enc, which is loaded (first?) and then the credentials are loaded for the environment rails is running in? Or should I create a different secret_key_base for each environment?
Second Question:
No matter what I do, when I run in development or test, tmp/development_secret loads first. In addition, whenever I try to access my secrets in development, (Rails.application.secret_key_base) as referenced here: What's the correct way of defining secret_key_base on Rails 6, I run into an issue where I only ever receive nil when looking for secrets I've defined in my development.yml.enc, which I assume is because it's not loading anything in that file, it's going to tmp/development_secret and not finding anything else (Maybe I'm wrong.)
Goals:
Stop tmp/development_secret from being created, and instead access
secrets using the specific .yml.enc file depending on the
environment.
Understand why /config/credentials.yml.enc exists if it doesn't
load in all the environments. If it doesn't, then it isn't clear when it loads.
Why?
Using config/database.yml as an example, I want to store different creds for each environment, but none of them in version control. (I want nobody but a few to have production.) However, I want to access them the exact same way in all of my environments. Not having creds load in production because of an issue with a .yml file will crash my app, so I don't want to load them differently in test/development.
Put together a blog post about this because searching for documentation on this feature is painful. It's a really easy thing because then only the master.key, and production.key would need loaded as ENV variables which is great. (Or possibility just one of them.)
This really should be a simple, out-of-the-box thing, but it's hard to find real documentation on best practices.
I've found the answer, at least the one I'm looking for. You can have your initializer load whatever file you want by overriding the defaults.
config.credentials.content_path = 'config/credentials/development.yml.enc'
config.credentials.key_path = 'config/credentials/development.key'
https://edgeapi.rubyonrails.org/classes/Rails/Application.html
I am trying to find the best solution for storing secret keys (specifically S3 and devise keys are the ones i'm trying to set up) which will enable my app to run both locally and on Heroku. My research so far (almost a whole day on this :( ) shows me a number of options, however i've had issues with each, which i outline below:
Option 1) Using the .gitignored rails 4.1 provided secrets.yml file is lovely in development, you simply use Rails.application.secrets._secret_ in the s3 credentials in your model and all is fine. But when pushing to Heroku you need to heroku config:set key=value for each variable, which in itself is fine but then you need to replace the Rails.application.secrets... syntax with ENV['key'] and this renders the rails intended secrets.yml and the corresponding nice syntax unusable. The only way i can see this working is with ENV's set both locally and on heroku, a bit tedious and it wouldn't be utilising the rails intended secrets.yml file.
Option 2) Using the gem 'figaro' is all well and good, so the gem sets up an application.yml file for you and .gitignores it for you and provides a handy rake command to bulk create Heroku ENV's. But i cannot see how you are meant to use the same app version for both local development and heroku production environments without again having to set ENV's on each environment. Ok, figaro makes setting ENV's quicker on heroku through its rake command, but it still renders secrets.yml useless and involves setting of ENV's for every key in each environment.
Option 3) I found another gem; gem 'heroku_secrets', github: 'alexpeattie/heroku_secrets' which is designed to make our lives easier. This gem, akin with figaro, provides a rake commend to bulk set Heroku ENVs. But i guess it still leaves us with the same issue of ENV's set everywhere. However, i couldn't even get this far with this gem, when attempting to use it I ran into this error message;
git://github.com/alexpeattie/heroku_secrets.git (at master) is not yet checked out. Run bundle install first.
Neither bundle nor bundle install do anything here and searching on the issue has me trying bundle install --deployment which rather than identifying and solving the problem, it provides a workaround solution through placing all of my gems in the vendor directory, not how id like thing set up, so i scrapped that change.
Other Options) dotenv-not tried, foreman-not tried, pre loading a file containing vars before rails.initialize, tried but didn't like.
After all of today searching, playing, trying to implement and re-implement variations of the above and more I am still at a loss as to how to get this app to run on both heroku and local dev environments in a decent way. I would of course like to achieve this whilst using the secrets.yml rails intended set up with without too much customisation, but i will do what i need to do to get this working. I am very much a junior at this developer thing so it is taking me longer than most to get my head around things, but this has really stumped me and has my head firmly in my hands asking for some help, please show me the light oh programming genii.
Here are some of the other links that i found, read and with some tried to implement if of any help with this subject:
Heroku's config man pages: https://devcenter.heroku.com/articles/config-vars#setting-up-config-vars-for-a-deployed-application
A closely related question; How do you manage secret keys and heroku with Ruby on Rails 4.1.0beta1?
Article on various solutions; http://www.gotealeaf.com/blog/managing-environment-configuration-variables-in-rails
Another article on various solutions; http://tammersaleh.com/posts/managing-heroku-environment-variables-for-local-development/
Bundle 'not checked out' error; is not checked out... bundle install does NOT fix help!
Yet despite all of this discussion I can't seem to find a way to get this to work in both development local and heroku production environments without manually setting ENVs. Is there a way and if so would you please enlighten me.
I'm completely new to Ruby on Rails, have never worked on it, but I am supposed to take over somebody else's old project. He designed a webapp that logs into a website/server online, extracts data from it daily and performs calculations. However, the application has not been running for quite some time, so now when it tries to display statistics, the page crashes. It uses data from a 5 week period and currently only has data for 2 days.
I need to manually insert data for the missing weeks in order to get it up and running again, but the problem is I don't know how to find/access its database, nor how exactly to use Ruby on Rails. I found several files in the db directory of his project, however they were mostly .sqlite33 files or just 'files'. I downloaded sqlite precompiled binary for Windows and tried to use it, but not sure what to do. I also downloaded and tried using SQTView to open the files to change the tables, but I have had no luck.
How can I tell which file is the main database and how do I edit it? And what are .sqlite33 files? Thanks.
EDIT
The application produces a
TypeError in HomeController#index
"nil can't be coerced into Float"
It links the error to a line in the code, but the only reason the error happens is because there is no data in the table for the time period that the variable in this line of code tries to use. That is why I want to manually update it with values.
I think that Sqliteman might do the trick and thank-you for explaining all of this to me. I just have to confirm it works after editing.
EDIT2
Okay, so I had a small revelation while experimenting on his app. It turned out that the page crashed because of empty values for full weeks. If I used the app to gather data for at least one day per week up until this week, then the app worked.
Is there a way I can populate all the missing days without having to manually click the days in its calendar because it takes a good 20-30 seconds for it to load?
Thank you very much for your help.
A Rails application's database is defined in config/database.yml - though the database itself and the scheme are in the db folder. In database.yml you'll find three database configurations - development, test and production - so make sure to choose the right file.
I've never heard of .sqlite33 files, but to edit SQLite files manually I recommend SQLiteMan. But I don't recommend editing it manually.
What I do recommend is to check if you are running the app in development or production mode, as the two mods use different databases. Try to run it in the other mode.
If that doesn't work, try saving a copy of the database files, and running the commands:
bundle install
bundle exec rake assets:precompile
rake db:migrate
rake db:migrate RAILS_ENV="production"
(if you're using Linux, you might want to also run the first command with sudo)
Those commands make sure all the required gems are installed, that the precompiled assets are up to date, and that the database fits the schema. If you are running that application on the same machine and with the same database as the ones the other guy was using, than those commands shouldn't be necessary, but if you have moved the application to your own machine, or used an used an outdated db file, than those commands might fix the crash.
At any rate, if you tell us what error the application is producing we might be able to provide more assistance.
today I uploaded my app to server, and after seting it into development mode, and running of course rake tasks (rake db: migrate, and rade db: migrate RAILS_ENV="production") and well it just doesn't save anything.
The problem happens when I try to create any new items, it just goest to the listing of models...
Your question is very vague. I believe you're saying the app writes files to the server's hard drive. If that's what you're asking, I think the best guess is that something's wrong with file system permissions. Unfortunately, I can't say what is wrong without more details.
i solved it.
reason i asked was because i absolutely went through each and every one of my potential problems and took care of them, and well in the end none of them were the reason of such a failure. so then i went to the basics
and i basically had to clone my development environment on the production machine.
so i had to downgrade rails a couple of versions, and some gems too.
that took care of it, everything went on smoothly, so if anyone ever encounters such mysterous failures, give this a try.