I've been working on a rails app & I'm sharing the code with someone through github. When I run the code locally on my machine, everything works fine, but when they run the code on their local environment they get this error:
Missing encryption key to decrypt file with. Ask your team for your master key and write it to /Users/krys2fa/articles/config/master.key or put it in the ENV['RAILS_MASTER_KEY'].
Does anyone know how I can fix this?? Thank you :)
Tell your buddy to run:
EDITOR="nano" rails credentials:edit
This command will open the nano editor and will let create your credentials file. Once then tell him to restart his server.
Remember to not to include this file in the version system. By default it is ignored in the .git file, so it is very likely your partner does not have it.
It is very weird that you can run it but your partner doesn't. Are you sure he is not requiring the master key file in development.rb ?
Related
I'm generating credentials using the following command:
rails credentials:edit --environment development
I notice that rails puts this in the gitignore:
+/config/credentials/development.key
I dont understand why, based on the following reasons:
The development credential file is encrypted by default, hence harmless to check in as long as the master key isnt checked in.
It's essential for a fresh environment setup (eg. on a new dev environment)
If the original file is lost, all the data in the dev environment will have to be reseeded.
I'm inclined to check it in but figured, given Chesterton's fence and all, I'm likely missing something.
I figured it out. I was confused between the development.key and the config/credentials/development.yml.enc. The latter is the encrypted credential file.
I'm working with ruby 2.5.5 and I'm starting the server like so:
RAILS_MASTER_KEY=[MY_KEY] RAILS_ENV=staging MY_DATABASE_PASSWORD=[MY_PW] bin/rails server -b 0.0.0.0
that works, now I want to generate migrations like so:
RAILS_MASTER_KEY=[MY_KEY] RAILS_ENV=staging MY_DATABASE_PASSWORD=[MY_PW] bin/rails generate migration CreateJoinTableMyTable column1 foreignKey
And I get the following error:
/path/to/.rvm/gems/ruby-2.5.5/gems/activesupport-5.2.3/lib/active_support/encrypted_file.rb:96:in `handle_missing_key': Missing encryption key to decrypt file with. Ask your team for your master key and write it to /Users/BaxterStockman/empiric/hyperion-backend-webapp/config/master.key or put it in the ENV['RAILS_MASTER_KEY']. (ActiveSupport::EncryptedFile::MissingKeyError)
I also wrote the RAILS_MASTER_KEY into ~/.bashrc and reload the profile but that didn't do anything.
Anyone an idea why this error gets thrown?
What's the rails version? It shows you the error that you should have a file config/master.key in app folder. It's required to decrypt the credentials.yml.enc.
Just add that file by asking your colleagues or if you don't have one, generate via
EDITOR="code --wait" rails credentials:edit
You might google which EDITOR= instead of code you'd use as I don't know that. Just make sure the editor won't be closed immediately, that's why for VSCode I had to use --wait argument.
Afterwards, you might place RAILS_MASTER_KEY in credentials.yml.enc.
Since Rails 5.2 credentials file appeared, so you don't need to store keys in operating system's ENV variables.
I'm am working as a part of a team for a school project. We are using Ruby 2.6.5 and Rails 6.0.2.1. I have pulled the master branch from GitHub, but when I try to run the application I get this error:
ArgumentError: Missing secret_key_base for 'production' environment
I have looked online and found that the old solution was to change the config/secrets.yml file, but rails 6 no longer has that file, and instead has an encoded credentials.yml.enc file that has the same functionality. How do I fix this issue?
Rails > 5.2 introduced a new feature for securing credentials. For this rails uses a master.key in config folder which is usually added to .gitignore so that it stays secure and doesn't get pushed to git.
This master.key is used to encrypt or decrypt content from the credentials.yml.enc file which you found.
If you are working on a team then the project creator will have to share this master.key file to you personally or you have to create a new credentials.yml.enc. You can do it using the below command -
EDITOR=vim rails credentials:edit
This will create a new master.key and credentials.yml.enc in your machine but the changes made by your teammates in the credentials.yml.enc will be lost. To avoid that hassle just get the master.key from your teammate and put it in the config. folder.
You can try changing the config.require_master_key = true #in config/environments/production.rb
You can go to this link to check this in detail:- https://blog.engineyard.com/rails-encrypted-credentials-on-rails-5.2
I hope this will work for you.
I've just created a new Rails project, and it came with this credentials.yml.enc file.
Is it safe to commit it publicly?
What David Heinemeier Hansson said here:
These secrets are not supposed to withstand any sort of attack in test or development.
As far I understood you should not keep damn secret credentials here, and then it's good to publish in public.
It's only in production (and derivative environments, like exposed betas) where the secret actually needs to be secret. So we can simply insert this secret into the new flat credentials.yml.enc file.
And at the end he mentioned:
Note: We should just keep Rails.secrets and friends around. The Rails.credentials setup would be a new, concurrent approach. All new apps would use it, but we wouldn't need to screw existing apps.
Hope it would help. For more, follow this.
I finally understood it.
Read this https://blog.saeloun.com/2019/10/10/rails-6-adds-support-for-multi-environment-credentials.html first.
For test and development env, you can simply remove the master.key and you will find that rails s works well.
You can run rails console, then run Rails.application.credentials.config to see that the value.
But if you have a wrong master.key there and run rails s, you will get an error.
But if you removed master.key, you will find that rails s -e production doesn't work.
If you have the correct value of master.key, you can run EDITOR=vim rails credentials:edit to edit it.
If you don't have the correct value of master.key, when you run EDITOR=vim rails credentials:edit,
it will generate a new master.key for you but unfortunately that master.key is a wrong one.
This is reasonable because it makes the credentials.yml.enc unable to be decrypt unless you have already got a correct master.key.
So you can remove the credentials.yml.enc and master.key and run EDITOR=vim rails credentials:edit to generate a new pair.
But before you do that, you should remove master.key and run rails console, then run Rails.application.credentials.config to
understand what values you need to set when running EDITOR=vim rails credentials:edit.
All the Rails instance in production env should have the same credentials.yml.enc and master.key.
So you should keep credentials.yml.enc in your sources code.
credentials.yml.enc why not? This is encrypted file and it doesn't have any information without a key.
But master.key you must keep in secret!!! It may decrypt your file.
You can push the credentials.yml.enc file to production. Just remove the master.key. They are meant to be pushed to production. However, if you are skeptical about this then save it to some local server, and when you are deploying make code to pull the file and master.key. This can be done using Capistrano tasks if you prefer this.
I experience an error : 'fetch': key not found: "APPLICATION_HOST" (KeyError)'
This errors occurres since I tried to implement a new gem that requires dotenv gem. That produced a lot of tries to fix. I revert my code to a stable one but I still cannot run my app supposed related to my machine configuration.
For now none of my environment variables in my .env file can be read by the app.
A teammate has the same code as mine and hasn't any config in his ~/.bashrc neither in ~/.bash_profileand our .env file has chown readable states.
Last information we use a gemset for this project.
Thanks by advance for any help
I solved the problem by cloning the repo in another folder and the project runs again!