Cannot understand rails deprecation warning for secret_token - ruby-on-rails

After upgrading from rails 5.1 to rails 5.2.3 I am getting this deprecation warning:
`secrets.secret_token` is deprecated in favor of `secret_key_base` and will be removed in Rails 6.0. (called from <main> at /config/initializers/stripe.rb:3)
If I look at the stripe initializer, I have:
Rails.configuration.stripe = {
  publishable_key: Rails.application.secrets.stripe_publishable_key,
  secret_key: Rails.application.secrets.stripe_secret_key
}
so there is no mention of secret.token. If I look at config.secrets.yml I have
test:
  secret_key_base: some-key
  stripe_secret_key: another_key
  stripe_publishable_key: yet_another_key
So why am I getting the deprecation warning?

Rails 5.2 has replaced secrets with credentials to store encrypted credentials or API keys in the repository. You can read more about the change from secrets to credentials in the following article.
https://medium.com/@wintermeyer/goodbye-secrets-welcome-credentials-f4709d9f4698
Even though Rails 5.2 has replaced secrets with credentials, you can still use secrets if you wish to. However, as the warning message states, secrets will be removed from Rails 6 and you have to embrace using credentials for storing API keys and secret_keys.

Related

Heroku Devise Mailer: says mailgun credentials invalid but mailgun isn't part of my application

I'm having trouble in production on Heroku, with Devise confirmable email. I'd been using Mailgun for this and am migrating to Mandrill. All references to Mailgun have been removed from the code, so a search for "mailgun" comes up empty, including my vendor folder. My new setup is for Mandrill SMTP. When I test signing up a user on Heroku my output includes this:
Net::SMTPAuthenticationError (535 5.7.0 Mailgun is not loving your login or password
vendor/ruby-2.1.2/lib/ruby/2.1.0/net/smtp.rb:969:in `check_auth_response'
vendor/ruby-2.1.2/lib/ruby/2.1.0/net/smtp.rb:740:in `auth_plain'
vendor/ruby-2.1.2/lib/ruby/2.1.0/net/smtp.rb:732:in `authenticate'
vendor/ruby-2.1.2/lib/ruby/2.1.0/net/smtp.rb:567:in `do_start'
vendor/ruby-2.1.2/lib/ruby/2.1.0/net/smtp.rb:520:in `start'
vendor/bundle/ruby/2.1.0/gems/mail-2.6.3/lib/mail/network/delivery_methods/smtp.rb:112:in `deliver!'
I've removed my Heroku ENV variables, removed the Mailgun addon but it seems like there's a setting which is not part of my code that needs to be updated to resolve this. Why is it stuck on Mailgun?
I am an idiot. I had an ENV variable for SMTP_ADDRESS which I was using for both applications. It was still set to Mailgun's url.

Set SECRET_KEY_BASE in production using a .env file

I've a .env file in my root folder in production. This file defines SECRET_KEY_BASE which is used in config/secrets.yml. The problem is that I can't manage to load my .env file before my config/secrets.yml. I've tried using the dotenv gem without success.
Any idea on how to do this in production?
I don't want to set it globally for my webmaster user on the production server. The SECRET_KEY_BASE value should only be accessible by the application.
I'm using rails 4.1.
I too use the dotenv gem. It works for me in almost all cases.
This is my configuration of the dotenv gem (yes, I put dotenv in the Gemfile). I just create an aaaaa.rb initializer file.
config/initializers/aaaaaa.rb
#obscure name because rails load initializers/* files based on alphabets
require 'dotenv'
Dotenv.load
And in cases where it doesn't, I finally do this in the config/boot.rb file:
ENV["SECRET_KEY_BASE"] = "foobar"
I was also having this problem. Here is how I got it to work. I followed documentation to initialize dotenv early:
# config/application.rb
Bundler.require(*Rails.groups)
Dotenv::Railtie.load
HOSTNAME = ENV['HOSTNAME']
But then I came across this error (issue #155):
gems/dotenv-rails-1.0.2/lib/dotenv/rails.rb:17:in `load': undefined method `join' for nil:NilClass (NoMethodError)
The workaround (also documented in issue #155) is to replace Dotenv::Railtie.load with:
Dotenv.load(File.expand_path("../../.env.#{Rails.env}", __FILE__))
Apparently this is only a problem when using rails 4.1.
Was also having this problem, but managed to get it to work by having this in my secrets.yml file:
production:
  secret_key_base: ENV["SECRET_KEY_BASE"]
It worked after removing the <%= %>
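Added example, not part of the original answers: the Rails 4.1 loader quoted further down this page runs secrets.yml through ERB and then YAML, so this sketch parses the entry both ways to show what secret_key_base actually becomes. The file contents, the key value and the `usable_secret?` check (including its 30-character minimum) are constructed assumptions for illustration.

```ruby
# Added example: constructed secrets.yml snippets, parsed the way the
# Rails 4.1 loader quoted on this page does (ERB first, then YAML).
require "erb"
require "yaml"

# Constructed sample value, not a real key.
ENV["SECRET_KEY_BASE"] = "c0ffee" * 20 + "abcdef01"

WITH_ERB = <<~'YML'
  production:
    secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
YML

WITHOUT_ERB = <<~'YML'
  production:
    secret_key_base: ENV["SECRET_KEY_BASE"]
YML

# Same pipeline as the borrowed Application#secrets code: ERB, then YAML.
def load_secret_key_base(text, env = "production")
  all = YAML.safe_load(ERB.new(text).result) || {}
  (all[env] || {})["secret_key_base"]
end

# Hypothetical boot-time check: reject a value that is still template or
# Ruby source text instead of key material, or that is shorter than an
# assumed minimum of 30 characters.
def usable_secret?(value)
  return false unless value.is_a?(String) && value.length >= 30
  return false if value =~ /ENV\s*\[/ || value.include?("<%")
  true
end

if __FILE__ == $PROGRAM_NAME
  [WITH_ERB, WITHOUT_ERB].each do |text|
    value = load_secret_key_base(text)
    puts "#{value.inspect[0, 40]} usable=#{usable_secret?(value)}"
  end
end
```

Without the ERB tags, YAML reads the entry as the fixed string `ENV["SECRET_KEY_BASE"]`, which is identical in every application configured this way, rather than the value held in the environment.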

Error with Oauth token not redirect

Basically, I can't find my production ID and my production API secret. I can only find the developer ones. Am I supposed to submit for review first? My OAuth is all set up.
I also have my YML. So do I submit first and then I will get this second ID? This has been my problem all day long. Thanks.
It looks like this:
Development:
  facebook_api_key:
  facebook_api_secret:
Production:
  facebook_api_key:
  facebook_api_secret:
I tried adding my ID and secret for both of them even though it was only on dev! Please help me!
Actually, your problem has nothing to do with OAuth. It is about how to set up secret variables between different environments.
I use the figaro gem to handle this kind of variable:
First, add figaro to your Gemfile.
Gemfile
gem 'figaro'
Set up variables in config/application.yml. (I usually use UPPER CASE for these variables)
config/application.yml
development:
  FB_KEY: your_fb_key_for_development
  FB_SECRET: your_fb_secret_for_development
production:
  FB_KEY: your_fb_key_for_production
  FB_SECRET: your_fb_secret_for_production
And use ENV to get variables where you want,
config/initializers/devise.rb
Devise.setup do |config|
  # ...
  # OmniAuth configuration
  require "omniauth-facebook"
  config.omniauth :facebook, ENV['FB_KEY'], ENV['FB_SECRET']
  # ...
end
If you want to do it without any gem, please see:
stackoverflow - Setting Environment Variables in Rails 3 (Devise + Omniauth)

Using config/secrets.yml in Rails 4.0.2 version

I was reading http://edgeguides.rubyonrails.org/upgrading_ruby_on_rails.html
and saw there the trick with config/secrets.yml
I moved my secret_base_keys to that file, and removed secret_token.rb file.
But server doesn't start.
DEPRECATION WARNING: You didn't set config.secret_key_base. Read the upgrade documentation to learn more about this new config option. (called from service at /home/bismailov/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/webrick/httpserver.rb:138)
[2014-01-15 16:15:51] ERROR RuntimeError: You must set config.secret_key_base in your app's config.
I believe that is because I don't use Rails 4.1 yet.
Is there any way to implement this new functionality (secrets.yml) in Rails version 4.0? Maybe some kind of gem...
Thank you very much!
This secret_key_base deprecation does not seem to have alternative syntax to remove the deprecation warning in a Rails 4.0 application. To satisfy the deprecation, follow the steps for moving the production key to secrets.yml and delete the secret_token.rb file. Then implement a YAML loader in your application.rb to extract the token from your secrets.yml file.
Use rake secret to generate a new token for each of your environments. Copy and paste the output to each section of your secrets.yml file.
# config/secrets.yml
development:
  secret_key_base: __pasted from rake secret___
test:
  secret_key_base: __pasted from rake secret___
production:
  secret_key_base: __pasted token from config/initializers/secret_token.rb___

# config/application.rb
# TODO Remove this in Rails 4.1
config.secret_key_base = YAML.load(File.open("#{Rails.root}/config/secrets.yml"))[Rails.env]['secret_key_base']
Cite: https://github.com/rails/rails/pull/13298
UPDATE:
My original post focused on Inspired by @user2998870, I added a method to my application.rb that allows one to implement multiple secrets, not just secret_key_base. This makes top-level keys accessible as methods, e.g. Rails.application.secrets.braintree_merchant_id.
If nested, one can call the nested key value using Rails.application.secrets.braintree['merchant_key'].
Note: The original code above is still needed for secret_key_base to operate correctly in Rails 4.0.
# config/application.rb
def secrets
  # Memoize the parsed secrets for the current environment
  @secrets ||= begin
    yaml = YAML.load(File.open("#{Rails.root}/config/secrets.yml"))[Rails.env]
    ActiveSupport::OrderedOptions.new.merge!(yaml.symbolize_keys)
  end
end
config/secrets.yml is a feature of Rails 4.1. Upgrade to Rails 4.1 to use the feature.
I did like @scarver2 mentioned, but I did it by borrowing some code from Rails 4.1 (I'm currently on 4.0.3)
# Load 3rd party service passwords from config/services.rb.
# This is patch code to support config/services.rb till we upgrade to Rails 4.1.
# TODO: Remove this section after upgrading to Rails 4.1.
# Borrowed from rails/railties/lib/rails/application/configuration.rb
config.paths.add "config/secrets", with: "config/secrets.yml"
# Borrowed from rails/railties/lib/rails/application.rb
def secrets #:nodoc:
  @secrets ||= begin
    secrets = ActiveSupport::OrderedOptions.new
    yaml = config.paths["config/secrets"].first
    if File.exist?(yaml)
      require "erb"
      # The file is rendered through ERB before being parsed as YAML
      all_secrets = YAML.load(ERB.new(IO.read(yaml)).result) || {}
      env_secrets = all_secrets[Rails.env]
      secrets.merge!(env_secrets.symbolize_keys) if env_secrets
    end
    # Fallback to config.secret_key_base if secrets.secret_key_base isn't set
    secrets.secret_key_base ||= config.secret_key_base
    secrets
  end
end

Rails Devise Gem

I am using Rails 3.2.6, Ruby 1.8.7.
I want to add Devise authentication to my application.
I did the following in my app:
Added gem 'devise' to the Gemfile.
Then ran rails g devise:install in the command prompt.
Added this line to development.rb:
config.action_mailer.default_url_options = { :host => 'localhost:3000' }
Add this line in config/application.rb
config.assets.initialize_on_precompile = false
Finally, I ran this command: rails g devise user.
I got this error.
SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
This poses a security threat. It is strongly recommended that you
provide a secret to prevent exploits that may be possible from crafted
cookies. This will not be supported in future versions of Rack, and
future versions will even invalidate your existing user cookies.
If you know the answer for this error, please let me know.
You need to generate an application token. It can be simply done by running:
rake secret
And add it to config/initializers/secret_token.rb
AppName::Application.config.secret_token = 'CODE_HERE'
EDIT: Thanks @Nick
