I'm following a guide which uses rails credentials but I can't edit the unencrypted file.
I first run EDITOR="code --wait" bin/rails credentials:edit --environment=development which creates development.key & development.yml.enc. However it fails to open up the unencrypted version of the file it showed in the guide.
I have tried EDITOR="code --wait" bin/rails credentials:show --environment=development which shows the file in the terminal with the expected AWS placeholder key and secret. It also provides a number of warnings. But I can't edit.
Are there any other methods to access Rails' unencrypted credentials from a WSL2 environment? I am presuming WSL2 is the cause of the issue...
Using NANO editor instead seems to work.
EDITOR="nano" bin/rails credentials:edit --environment=development
I'll leave the question up for anyone else with this issue.
Related
Rails 7
I am running into some issues using [Rails.env.to_sym]. Some config files understand it, and some do not.
Doing some research, it seems as if I can generate different credentials files, for each runtime environment. For instance:
rails credentials:edit --environment development
rails credentials:edit --environment test
Does this mean that Rails will pick the appropriate credentials file, based on the rails environment setting (test, development, etc.)?
That’s correct — the main credentials file (credentials.yml.enc) is overwritten by environment-specific files.
If you run bin/rails credentials:edit -h from the command line, you’ll see this:
=== Environment Specific Credentials
The `credentials` command supports passing an `--environment` option to create an environment specific override. That override will take precedence over the global `config/credentials.yml.enc` file when running in that environment. So:
bin/rails credentials:edit --environment development
will create `config/credentials/development.yml.enc` with the corresponding encryption key in `config/credentials/development.key` if the credentials file doesn't exist.
One tiny gotcha for me — I ran into an error trying to generate environment-specific credentials file (part of error below):
`binwrite': No such file or directory # rb_sysopen - config/credentials/test.yml.enc.tmp
My fix was creating the empty folder first (config/credentials) and then re-running command (e.g., bin/rails credentials:edit --environment test)
I'm working with ruby 2.5.5 and I'm starting the server like so:
RAILS_MASTER_KEY=[MY_KEY] RAILS_ENV=staging MY_DATABASE_PASSWORD=[MY_PW] bin/rails server -b 0.0.0.0
that works, now I want to generate migrations like so:
RAILS_MASTER_KEY=[MY_KEY] RAILS_ENV=staging MY_DATABASE_PASSWORD=[MY_PW] bin/rails generate migration CreateJoinTableMyTable column1 foreignKey
And I get the following error:
/path/to/.rvm/gems/ruby-2.5.5/gems/activesupport-5.2.3/lib/active_support/encrypted_file.rb:96:in `handle_missing_key': Missing encryption key to decrypt file with. Ask your team for your master key and write it to /Users/BaxterStockman/empiric/hyperion-backend-webapp/config/master.key or put it in the ENV['RAILS_MASTER_KEY']. (ActiveSupport::EncryptedFile::MissingKeyError)
I also wrote the RAILS_MASTER_KEY into ~/.bashrc and reload the profile but that didn't do anything.
Anyone an idea why this error gets thrown?
What's the rails version? It shows you the error that you should have a file config/master.key in app folder. It's required to decrypt the credentials.yml.enc.
Just add that file by asking your colleagues or if you don't have one, generate via
EDITOR="code --wait" rails credentials:edit
You might google which EDITOR= instead of code you'd use as I don't know that. Just make sure the editor won't be closed immediately, that's why for VSCode I had to use --wait argument.
Afterwards, you might place RAILS_MASTER_KEY in credentials.yml.enc.
Since Rails 5.2 credentials file appeared, so you don't need to store keys in operating system's ENV variables.
I am trying to add an API key and token to my credentials.yml.enc file in Rubymine. I can't seem to find a --wait flag or save the generated file from
EDITOR=rubymine rails credentials:edit
or
EDITOR="rubymine --wait" rails credentials:edit
What happens is I add my keys to the file for example:
api_client:
api_key: 123
but just by opening the file I see a
File encrypted and saved.
message before I can enter anything, so when I spin up my rails console to test my keys like:
Rails.application.credentials.api_client[:api_key]
I just get back a 'nil' value error.
When I try to edit in vim I get similar results. I can't seem to find any answers online, I am running ruby '2.6.3' with Rails 6.0.2.2 on MacOS Catalina 10.15.4. Thank you all for your time.
Solution: at this time I have found that using a different editor (ATOM) solves the short term problem. I will continue to try and understand if rubymine has this capability as well.
Try this..
EDITOR="vim" bin/rails credentials:edit
Works like charm with MacOS Catalina
How about
EDITOR = "/Applications/RubyMine.app/Contents/MacOS/rubymine --wait" rails credentials:edit
in macOS Big Sur that is.
I also got "File encrypted and saved." trying to run EDITOR="vim" bin/rails credentials:edit in a Rails 6.1 project.
It was simply a matter of the editor not being installed – I tried just the vim command to confirm this. After installing Vim (apt-get install vim on this Ubuntu system), it worked as expected.
I was having a similar issue when trying to use Atom. I realised that I needed to install the Atom shell commands:
Click Atom → Install Shell Commands
This topic has a SOLUTION embeded at the end.
PROBLEM
I'm deploying for the first time a Rails app on a VPS on Ubuntu 18.04. with Nginx.
I followed the good tutorial of Gorails "Deploy Ruby on Rails To Production in 2019".
Everything worked, until I had the "Incomplete response received from application" page.
I checked the nginx logs on /var/log/nginx/error.logand saw the typical message "Missing secret_key_base for 'production' environment, set this string with rails credentials:edit"
As the method of Gorails didn't seems to work (after a bundle exec rails secret on his console app-side, he add a file /my_website/.rbenv-vars with a SECRET_KEY_BASE line, filled with the generated secret key), I decided to follow the multiples topics answering to this question.
Here is the thing, I'm not sure if the followings steps are the goods one.
I run bundle exec rails secreton my console, server-side, as deploy user. So I have my GENERATED_KEY_1
I add to ~/.bashrc : export SECRET_KEY_BASE="GENERATED_KEY_1"
I source ~/.bashrc
I check my key with echo $SECRET_KEY_BASE, and I have the good key displayed (GENERATED_KEY_1)
I edited my credential file as
development:
secret_key_base: ORIGINAL_KEY
test:
secret_key_base: ORIGINAL_KEY
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
and added Dotenv to my Gemfile, required it in application.rb
But none of this worked, after restarted nginx server.
So I restarted the previous step, with the root-user.
But again, it failed.
My questions are:
what I am missing ?
How can I know, if it's searching the key in the good place, as I have always the same error message ?
Which key am I suppose to generate ? App-side ? Server-side ? As root or deploy user ?
Do I have something else to configure in /etc/nginx/sites-available/default ? (I saw on this topic that this guys changed a rails_env production; to rails_env development; but I haven't any rails line)
Thank you, I'm a little bit desperate ^^
SOLUTION
During my many tests, I logged with the root user, and run EDITOR="vim" rails credentials:edit. This command had generated a master.key, which doesn't exist on your Github repo.
But first, I didn't modified it. I think that was the main problem, as the application use it to decrypt your credentials.yml.enc file. When I understood it, I edited the master.key with the content of the master.key on my computer app.
Even after editing credentials.yml.encwith <%= ENV["SECRET_KEY_BASE"] %>, this solution works. This corresponds to the answer of Lyzard Kyng, even if it's a bit different.
I can't run EDITOR="vim" rails credentials:editwith the deploy user, it doesn't work.
Rails 5.2 and later uses encrypted credentials for storing sensitive app's information, which includes secret_key_base by default. These credentials are encrypted with the key stored in master.key file. Git repository, generated by default Rails application setup, includes credentials.yml.enc but ignores master.key. After the deployment, which usually involves git push, Rails production environment should be augmented with this key some way.
So you have two options. You can securely upload master.key to production host via scp or sftp. Or you can establish shell environment variable RAILS_MASTER_KEY within the context of a user that runs rails server process. The former option is preferred, but as you have dotenv-rails gem installed, you'd create .env.production file under app's root and put there a line
RAILS_MASTER_KEY="your_master-key_content"
Don't forget to ensure that gem dotenv-rails isn't restricted within Gemfile by development and test Rails environments.
By the way since passenger module ver. 5.0.0 you can set shell environment variables right from nginx.conf
run rake secret in your local machine and this will generate a key for you
make config/secrets.yml file
add the generated secret key here
production:
secret_key_base: asdja1234sdbjah1234sdbjhasdbj1234ahds…
and redeploy the application after commiting
i had the same issue and resolved by this method.
It would be more secure to generate your key on the server and use it there, rather than push it to your repo from a local machine.
Instead of ~/.bashrc do this for using environment variables;
As root user, navigate to the # directory (can probably just use cd ..)
Enter nano home/<yourAppUser>/.bash_profile to navigate to (and create) the file to store the ENV
As you have already, just write this in the file: export SECRET_KEY_BASE="GENERATED_KEY_1"
You can store your database password here as well.
1_ Set credentials with
rails credentials:edit
2_ Upload master.key file to your production server.
If deploy with capistrano, copy master.key to shared folder (shared_path) and then add this to deploy.rb:
namespace :config do
task :symlink do
on roles(:app) do
execute :ln, "-s #{shared_path}/master.key #{release_path}/config/master.key"
end
end
end
after 'deploy:symlink:shared', 'config:symlink'
In my case, on rails credentials:edit, the file indentation were not accurate which gave the error on deployment. So make sure the indentation is correct on your local before deploying.
When I open the file this way:
EDITOR="atom --wait" bin/rails credentials:edit
I get a brand new file that is assigned a new name (a number.credentials.yml) and reports "New credentials encrypted and saved," and I am not given the opportunity to edit the file.
Then I type:
bin/rails credentials:show
and I get the default aws: 123 etc....
So I delete both the credentials.yml.enc and the master key and start over, with the same results. the new credentials.yml.enc is created with the default verbage, but I cannot edit it.
I am using ruby 2.5.3 and rails 5.2.2. Ubuntu 18.04 if that matters. I have followed all the recommendations given elsewhere on this exact topic, but nothing works for me.
With rails credentials:show, you cannot edit your credentials.yml. You have to use EDITOR="atom --wait" rails credentials:edit to edit your credentails.yml.
Delete your master.key than you need to run the command EDITOR="atom --wait" rails credentials:edit which it won't find the master.key and creates new one with crendetials.yml.enc. After that, add some stuffs and close that file with CTRL + W. Now you can see the result with rails credentials:show.
I was having the exact same issue. It appears the issue is the quotes surrounding the specified text editor. (Note: I am running MacOS, not Ubuntu):
Doesn't work as intended
EDITOR=“vim” rails credentials:edit
New credentials encrypted and saved.
But I didn't want to create new credentials. I wanted to edit my existing credentials.yml.enc file.
Works as intended
EDITOR=vim rails credentials:edit
This does what I expect: opens up the credentials.yml.enc file in vim in an unencrypted format.
You need install vim for ubuntu, use this commmand:
sudo apt-get install vim
I had the same problem and solutioned with that. ;)