Can't edit credentials Rails 5.2 - ruby-on-rails

When I open the file this way:
EDITOR="atom --wait" bin/rails credentials:edit
I get a brand new file that is assigned a new name (a number.credentials.yml) and reports "New credentials encrypted and saved," and I am not given the opportunity to edit the file.
Then I type:
bin/rails credentials:show
and I get the default aws: 123 etc....
So I delete both the credentials.yml.enc and the master key and start over, with the same results. the new credentials.yml.enc is created with the default verbage, but I cannot edit it.
I am using ruby 2.5.3 and rails 5.2.2. Ubuntu 18.04 if that matters. I have followed all the recommendations given elsewhere on this exact topic, but nothing works for me.

With rails credentials:show, you cannot edit your credentials.yml. You have to use EDITOR="atom --wait" rails credentials:edit to edit your credentails.yml.
Delete your master.key than you need to run the command EDITOR="atom --wait" rails credentials:edit which it won't find the master.key and creates new one with crendetials.yml.enc. After that, add some stuffs and close that file with CTRL + W. Now you can see the result with rails credentials:show.

I was having the exact same issue. It appears the issue is the quotes surrounding the specified text editor. (Note: I am running MacOS, not Ubuntu):
Doesn't work as intended
EDITOR=“vim” rails credentials:edit
New credentials encrypted and saved.
But I didn't want to create new credentials. I wanted to edit my existing credentials.yml.enc file.
Works as intended
EDITOR=vim rails credentials:edit
This does what I expect: opens up the credentials.yml.enc file in vim in an unencrypted format.

You need install vim for ubuntu, use this commmand:
sudo apt-get install vim
I had the same problem and solutioned with that. ;)

Related

Viewing Rails Credentials in WSL2

I'm following a guide which uses rails credentials but I can't edit the unencrypted file.
I first run EDITOR="code --wait" bin/rails credentials:edit --environment=development which creates development.key & development.yml.enc. However it fails to open up the unencrypted version of the file it showed in the guide.
I have tried EDITOR="code --wait" bin/rails credentials:show --environment=development which shows the file in the terminal with the expected AWS placeholder key and secret. It also provides a number of warnings. But I can't edit.
Are there any other methods to access Rails' unencrypted credentials from a WSL2 environment? I am presuming WSL2 is the cause of the issue...
Using NANO editor instead seems to work.
EDITOR="nano" bin/rails credentials:edit --environment=development
I'll leave the question up for anyone else with this issue.

:MissingKeyError in rails 2.5.5

I'm working with ruby 2.5.5 and I'm starting the server like so:
RAILS_MASTER_KEY=[MY_KEY] RAILS_ENV=staging MY_DATABASE_PASSWORD=[MY_PW] bin/rails server -b 0.0.0.0
that works, now I want to generate migrations like so:
RAILS_MASTER_KEY=[MY_KEY] RAILS_ENV=staging MY_DATABASE_PASSWORD=[MY_PW] bin/rails generate migration CreateJoinTableMyTable column1 foreignKey
And I get the following error:
/path/to/.rvm/gems/ruby-2.5.5/gems/activesupport-5.2.3/lib/active_support/encrypted_file.rb:96:in `handle_missing_key': Missing encryption key to decrypt file with. Ask your team for your master key and write it to /Users/BaxterStockman/empiric/hyperion-backend-webapp/config/master.key or put it in the ENV['RAILS_MASTER_KEY']. (ActiveSupport::EncryptedFile::MissingKeyError)
I also wrote the RAILS_MASTER_KEY into ~/.bashrc and reload the profile but that didn't do anything.
Anyone an idea why this error gets thrown?
What's the rails version? It shows you the error that you should have a file config/master.key in app folder. It's required to decrypt the credentials.yml.enc.
Just add that file by asking your colleagues or if you don't have one, generate via
EDITOR="code --wait" rails credentials:edit
You might google which EDITOR= instead of code you'd use as I don't know that. Just make sure the editor won't be closed immediately, that's why for VSCode I had to use --wait argument.
Afterwards, you might place RAILS_MASTER_KEY in credentials.yml.enc.
Since Rails 5.2 credentials file appeared, so you don't need to store keys in operating system's ENV variables.

Unable to Save and Edit credentials.yml.enc in Rubymine or Vim for Rails 6

I am trying to add an API key and token to my credentials.yml.enc file in Rubymine. I can't seem to find a --wait flag or save the generated file from
EDITOR=rubymine rails credentials:edit
or
EDITOR="rubymine --wait" rails credentials:edit
What happens is I add my keys to the file for example:
api_client:
api_key: 123
but just by opening the file I see a
File encrypted and saved.
message before I can enter anything, so when I spin up my rails console to test my keys like:
Rails.application.credentials.api_client[:api_key]
I just get back a 'nil' value error.
When I try to edit in vim I get similar results. I can't seem to find any answers online, I am running ruby '2.6.3' with Rails 6.0.2.2 on MacOS Catalina 10.15.4. Thank you all for your time.
Solution: at this time I have found that using a different editor (ATOM) solves the short term problem. I will continue to try and understand if rubymine has this capability as well.
Try this..
EDITOR="vim" bin/rails credentials:edit
Works like charm with MacOS Catalina
How about
EDITOR = "/Applications/RubyMine.app/Contents/MacOS/rubymine --wait" rails credentials:edit
in macOS Big Sur that is.
I also got "File encrypted and saved." trying to run EDITOR="vim" bin/rails credentials:edit in a Rails 6.1 project.
It was simply a matter of the editor not being installed – I tried just the vim command to confirm this. After installing Vim (apt-get install vim on this Ubuntu system), it worked as expected.
I was having a similar issue when trying to use Atom. I realised that I needed to install the Atom shell commands:
Click Atom → Install Shell Commands

Error when trying to run rails application on mac

I'm am working as a part of a team for a school project. We are using Ruby 2.6.5 and Rails 6.0.2.1. I have pulled the master branch from GitHub, but when I try to run the application I get this error:
ArgumentError: Missing secret_key_base for 'production' environment
I have looked online and found that the old solution was to change the config/secrets.yml file, but rails 6 no longer has that file, and instead has an encoded credentials.yml.enc file that has the same functionality. How do I fix this issue?
Rails > 5.2 introduced a new feature for securing credentials. For this rails uses a master.key in config folder which is usually added to .gitignore so that it stays secure and doesn't get pushed to git.
This master.key is used to encrypt or decrypt content from the credentials.yml.enc file which you found.
If you are working on a team then the project creator will have to share this master.key file to you personally or you have to create a new credentials.yml.enc. You can do it using the below command -
EDITOR=vim rails credentials:edit
This will create a new master.key and credentials.yml.enc in your machine but the changes made by your teammates in the credentials.yml.enc will be lost. To avoid that hassle just get the master.key from your teammate and put it in the config. folder.
You can try changing the config.require_master_key = true #in config/environments/production.rb
You can go to this link to check this in detail:- https://blog.engineyard.com/rails-encrypted-credentials-on-rails-5.2
I hope this will work for you.

Create fresh Rails 5 credentials on clone

Problem
I am creating a rails 5.2 template. I've created a new project which is a fork of the template. I don't want to use the same config/master.key since this would be shared across X other projects. Is there a way to generate a new key & config/credentials.yml.enc pair? That way I could include a config/credentials.yml.enc.sample and they run rails credentials:new or something then copy the contents over?
Can't find anything in the documentation or google/so searches about this and my alternative is to use the same key across all my public projects :,(
as described here: https://blog.eq8.eu/til/rails-52-credentials-tricks.html
Regenerate key
Currently there is no “edit password” feature, you need copy original content of the credentials, remove the enc files and regenerate fresh credentials file (source)
step 1 copy content of original credentials rails credentials:show
step 2 move your config/credentials.yml.enc and config/master.key away (mv config/credentials.yml.enc ./tmp/ && mv config/master.key ./tmp/)
step 3 run EDITOR=vim rails credentials:edit
step 4 paste copied values from original credentials
step 5 save and commit config/credentials.yml.enc
note! EDITOR=vim rails credentials:edit may not work if you require credential value in some file (e.g. in config/database.yml)
https://github.com/rails/rails/blob/master/railties/lib/rails/commands/credentials/USAGE
For applications created prior to Rails 5.2, we'll automatically
generate a new credentials file in config/credentials.yml.enc the
first time you run bin/rails credentials:edit. If you didn't have a
master key saved in config/master.key, that'll be created too.
So I can create a plain text version of the encrypted file to show which keys are required:
foo_api_key: 123
They run bin/rails credentials:edit which generates the key and encrypted file then they copy the keys over to add them to the encrypted file.
Using #Myk Klemme's answer at https://stackoverflow.com/a/48373368/936494 I was able to successfully re-generate credential files config/credentials.yml.enc, config/master.key.
For that I first removed the existing config/credentials.yml.enc file I got from cloned template-repo and then ran following command
rails_new_app$ EDITOR="mate --wait" bin/rails credentials:edit
which generated following output:
Adding config/master.key to store the encryption key: <encryption_key>
Save this in a password manager your team can access.
If you lose the key, no one, including you, can access anything encrypted with it.
create config/master.key
File encrypted and saved.

Resources