I have an ERB (database.yml.erb) template file for database.yml, rendered using Chef 11.10.
I want the output in database.yml (after rendering in Chef) to look like this:
default: &default
  adapter: mysql2
  username: <%= ENV['diff_db_user'] || <username> %>
  password: <%= ENV['diff_db_password'] || <password> %>
  ...
In the above YAML, I expect the values <username> and <password> to be substituted from @node[:database][:username] and @node[:database][:password].
The reason I want to do this is to be able to use a different password just by setting an environment variable while running a rake job such as a db migration.
So I tried the above, escaping the ERB tag as mentioned in How do I escape the ERB tag in ERB, but in the output yml the value is not substituted; it just prints the variable itself.
For example, I had an ERB like this:
default: &default
  adapter: mysql2
  username: <%%= ENV['diff_db_user'] || @node[:database][:username] %>
  password: <%%= ENV['diff_db_password'] || @node[:database][:password] %>
  ...
The output I'm getting for it is:
default: &default
  adapter: mysql2
  username: <%= ENV['diff_db_user'] || @node[:database][:username] %>
  password: <%= ENV['diff_db_password'] || @node[:database][:password] %>
  ...
So I wanted to know whether there is any other way to get the output I described at the top when using a Chef template to render the ERB to yml.
You could add another item in database.yml
development_with_password:
  adapter: mysql2
  username:
  password:
and call it in your rake task e.g.
RAILS_ENV=development_with_password rails db:migrate
Something like this?! You need to use nested <% %> tags, escaping the outer ones. Also don't forget the quotes.
username: <%%= ENV['diff_db_user'] || "<%= @node[:database][:username] %>" %>
password: <%%= ENV['diff_db_password'] || "<%= @node[:database][:password] %>" %>
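The two rendering passes behind the answer above, as an added Ruby example that is not part of the original posts: Chef renders the template once with the node attributes, and Rails renders the resulting file again with the process environment. The constructed password shows why the fallback is safer emitted with `String#dump` than pasted between hand-written quotes; `NODE`, `Stage1` and `stage2` are hypothetical names, and the attribute is assumed to be reachable as `@node`.

```ruby
require "erb"

# Constructed stand-in for the Chef node; the password contains "#{...}" on purpose.
NODE = { database: { username: "app_user", password: 'pa#{1+1}ss' } }.freeze

# Stage 1 template as in the answer: the attribute is pasted between hand-written quotes.
NAIVE = %q(password: <%%= ENV['diff_db_password'] || "<%= @node[:database][:password] %>" %>)
# Stage 1 template that has Ruby emit the string literal itself. String#dump escapes
# quotes, backslashes and "#{", so the second pass reads the value as data only.
SAFE = %q(password: <%%= ENV['diff_db_password'] || <%= @node[:database][:password].dump %> %>)

# Stage 1 (Chef, converge time): @node is visible and <%%= comes out as a literal <%=.
class Stage1
  def initialize(node)
    @node = node
  end

  def render(template)
    ERB.new(template).result(binding)
  end
end

# Stage 2 (Rails or rake, load time): database.yml goes through ERB again, now with
# the process environment. `override` models `diff_db_password=... rake db:migrate`.
def stage2(yaml_erb, override = nil)
  saved = ENV["diff_db_password"]
  ENV["diff_db_password"] = override # assigning nil deletes the variable
  ERB.new(yaml_erb).result
ensure
  ENV["diff_db_password"] = saved
end

if __FILE__ == $PROGRAM_NAME
  [NAIVE, SAFE].each do |template|
    on_disk = Stage1.new(NODE).render(template)
    puts on_disk                      # what Chef writes to database.yml
    puts stage2(on_disk)              # fallback: the node attribute
    puts stage2(on_disk, "from_env")  # environment variable wins
    puts
  end
end
```

With the hand-quoted template the second pass evaluates the stored value as Ruby and yields `pa2ss`; the `dump` variant round-trips the exact string.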
I should not use Figaro and dotenv.
I'm now making a file named development.sh,
and
export USERNAME="user"
export PASSWORD="user"
export HOST="localhost"
echo $USERNAME
echo $PASSWORD
echo $HOST
inside is like this.
When I start the Docker container,
I run
sh development.sh
but the Rails app can't understand the env values...
This is my database.yml:
default: &default
  adapter: postgresql
  encoding: unicode
  # For details on connection pooling, see Rails configuration guide
  # https://guides.rubyonrails.org/configuring.html#database-pooling
  pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
  username: <%= ENV.fetch("USERNAME") %>
  password: <%= ENV.fetch("PASSWORD") %>
  host: <%= ENV.fetch("HOST") %>
If my way is wrong, is there any vanilla way to use the <%= ENV.fetch("USERNAME") %> env value?
Thanks.
What is the best way to encrypt ENV variables and use them by decrypting whenever needed?
Example config/database.yml
development:
  adapter: mysql2
  encoding: utf8
  host: <%= ENV['DB_HOST'] %>
  database: <%= ENV['DB'] %>
  pool: 5
  username: <%= ENV['DB_USERNAME'] %>
  password: <%= ENV['DB_PASSWORD'] %>
and .env has
DB_HOST=test.com
DB=testapp_db
DB_USERNAME=test_db_user
DB_PASSWORD=test_password_hard
My question is: I want to encrypt DB_PASSWORD=test_password_hard to something like DB_PASSWORD=xadbcxedaxdcda and decrypt ENV['DB_PASSWORD'] when using it.
I know that from Rails 5.2 onwards we can encrypt and use the credentials.
Is there a way to achieve this in older Rails versions (<= 4)?
I've been trying to debug my credentials file in my staging server. Whenever I try to edit the credentials on my staging server, I get the following error:
/var/www/bundle/ruby/2.5.0/gems/railties-5.2.0/lib/rails/application.rb:583:in `validate_secret_key_base': `secret_key_base` for staging environment must be a type of String`
My database.yml file looks like the following:
---
default: &default
  adapter: postgresql
development:
  <<: *default
  database: dev_db
  host: <%= Rails.application.credentials.database.fetch(:development).fetch(:host) %>
  username: <%= Rails.application.credentials.database.fetch(:development).fetch(:username) %>
  password: <%= Rails.application.credentials.database.fetch(:development).fetch(:password) %>
  secret_key_base: <%= Rails.application.credentials.secret_key_base.fetch(:development) %>
test:
  <<: *default
  database: test_db
  host: <%= Rails.application.credentials.database.fetch(:development).fetch(:host) %>
  username: <%= Rails.application.credentials.database.fetch(:development).fetch(:username) %>
  password: <%= Rails.application.credentials.database.fetch(:development).fetch(:password) %>
  secret_key_base: <%= Rails.application.credentials.secret_key_base.fetch(:development) %>
staging:
  <<: *default
  database: <%= Rails.application.credentials.database.fetch(:staging).fetch(:name) %>
  host: <%= Rails.application.credentials.database.fetch(:staging).fetch(:host) %>
  username: <%= Rails.application.credentials.database.fetch(:staging).fetch(:username) %>
  password: <%= Rails.application.credentials.database.fetch(:staging).fetch(:password) %>
  secret_key_base: <%= Rails.application.credentials.secret_key_base.fetch(:staging) %>
production:
  <<: *default
  database: <%= Rails.application.credentials.database.fetch(:production).fetch(:name) %>
  host: <%= Rails.application.credentials.database.fetch(:production).fetch(:host) %>
  username: <%= Rails.application.credentials.database.fetch(:production).fetch(:username) %>
  password: <%= Rails.application.credentials.database.fetch(:production).fetch(:password) %>
  secret_key_base: <%= Rails.application.credentials.secret_key_base.fetch(:production) %>
I think my staging's secret_key_base is of type String. I generated my secret_key_base using rails secret. Locally, when I bring up the rails console, I can view the secret_key_bases for my staging environment:
[1] pry(main)> Rails.application.credentials.secret_key_base.fetch(:staging)
=> "generated_using_rails_secret"
It returns a string but I still get the error message above whenever I try to access credentials in my staging environment.
I ended up looking at the stack trace and digging into the railties-5.2.0 gem.
Abbreviated stack trace:
ArgumentError: `secret_key_base` for staging environment must be a type of String`
/var/www/bundle/ruby/2.5.0/gems/railties-5.2.0/lib/rails/application.rb:583:in `validate_secret_key_base'
/var/www/bundle/ruby/2.5.0/gems/railties-5.2.0/lib/rails/application.rb:432:in `secret_key_base'
/var/www/bundle/ruby/2.5.0/gems/railties-5.2.0/lib/rails/application.rb:176:in `key_generator'
/var/www/bundle/ruby/2.5.0/gems/railties-5.2.0/lib/rails/application.rb:205:in `message_verifier'
I ended up looking in railties-5.2.0/lib/rails/application.rb:432: and seeing the following bit of code:
# The secret_key_base is used as the input secret to the application's key generator, which in turn
# is used to create all MessageVerifiers/MessageEncryptors, including the ones that sign and encrypt cookies.
#
# In test and development, this is simply derived as a MD5 hash of the application's name.
#
# In all other environments, we look for it first in ENV["SECRET_KEY_BASE"],
# then credentials.secret_key_base, and finally secrets.secret_key_base. For most applications,
# the correct place to store it is in the encrypted credentials file.
def secret_key_base
  if Rails.env.test? || Rails.env.development?
    Digest::MD5.hexdigest self.class.name
  else
    validate_secret_key_base(
      ENV["SECRET_KEY_BASE"] || credentials.secret_key_base || secrets.secret_key_base
    )
  end
end
I had mistakenly thought I could specify a SECRET_KEY_BASE for an individual environment. Instead, I could only specify one secret key base. The secret key base apparently has nothing to do with database.yml. I need to read up on it and what it actually does.
If you run rails credentials:edit from the command line it will decrypt the config/credentials.yml.enc file.
You can then edit this file to add environment based secret keys like you would have previously added to config/secrets.yml.
When you save this file it will be encrypted again with the new information included.
There is no reason to have the "secret_key_base" in your database.yml file as this will not have any impact.
Nice Article on the new Rails credentials
Additionally, just because Rails no longer generates a config/secrets.yml file for you as of Rails 5.2, adding one will still work appropriately as it has in previous releases.
In short:
seems that rake does not have access to Rails.application.secrets in config/database.yml file
what is the purpose of config/secrets.yml then?
In long:
When I run
RAILS_ENV=production rake db:migrate
I get the error Mysql2::Error: Access denied for user 'root'@'localhost' (using password: NO), though I specified appropriate values in config/database.yml and the user connecting should not be 'root'. This is an excerpt from respective config files:
# config/database.yml
production:
  <<: *default
  adapter: mysql2
  host: localhost
  database: <%= Rails.application.secrets[:database][:name] %>
  username: <%= Rails.application.secrets[:database][:username] %>
  password: <%= Rails.application.secrets[:database][:password] %>
# config/secrets.yml
production:
  secret_key_base: very-long-blah-blah-blah
  database:
    name: app_db_name
    username: app_db_user
    password: app_db_password
Seems that rake has no access to Rails.application.secrets. Running migration succeeds when I explicitly put necessary values in database.yml, for example, as follows:
production:
  <<: *default
  adapter: mysql2
  host: localhost
  database: <%= Rails.application.secrets[:database][:name] || 'app_db_name' %>
  username: <%= Rails.application.secrets[:database][:username] || 'app_db_user' %>
  password: <%= Rails.application.secrets[:database][:password] || 'app_db_password' %>
The above proves that Rails.application.secrets[:database][:name] resolves to nothing.
How to have access to Rails.application.secrets in rake? Would this be the correct solution?
I know that I can use ENV[VARNAME] to fill in secret sections of config/database.yml. But what is the purpose of the config/secrets.yml file then?
Moreover, I am using Passenger, which means that variables in .bashrc will probably not be accessible to the web server (I had this issue with secret_key_base). Therefore I try to avoid using environment variables. I just do not want to have all my secrets spilled all over the server.
rails-4.2.2, Ubuntu LTS 14.04
I haven't seen such nested content in secrets.yml like you have, and the release notes don't show anything of that kind either. You should be just fine with the code below:
# config/secrets.yml
production:
  secret_key_base: very-long-blah-blah-blah
  name: app_db_name
  username: app_db_user
  password: app_db_password
And in the database.yml
# config/database.yml
production:
  <<: *default
  adapter: mysql2
  host: localhost
  database: <%= Rails.application.secrets.name %>
  username: <%= Rails.application.secrets.username %>
  password: <%= Rails.application.secrets.password %>
I'm trying to deploy a Rails app on EC2 using Elastic Beanstalk, but I'm having some trouble. I was able to perform every step needed on my computer following Amazon's tutorial (http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_Ruby_rails.html).
After deploying the app, I keep receiving this Passenger error on my server:
At first I thought this could be somewhat related to my config.yml file, so here is how it is now:
production:
  adapter: mysql2
  encoding: utf8
  database: <%= ENV['RDS_DB_NAME'] %>
  username: <%= ENV['RDS_USERNAME'] %>
  password: <%=['RDS_PASSWORD'] %>
  host: <%= ENV['RDS_HOSTNAME']%>
  port: <%= ENV['RDS_PORT'] %>
Any ideas on why this could be happening?
Your password looks a lot like an array to me. I think you might want password: <%= ENV['RDS_PASSWORD'] %>