Develop Reference

Rails: How to fix "Missing secret_key_base for 'production' environment"

I simply can't get past the message:
Missing `secret_key_base` for 'production' environment, set this string with `rails credentials:edit` (ArgumentError)
I have Rails 5.2.0, and ran
EDITOR=vim rails credentials:edit
and inside:
production:
secret_key_base: xxxxxxxxxxxxxxxxxxxxxxx
Save and, in the terminal:
RAILS_ENV=production rails c
Am I missing something? I've restarted the server and got the same issue, but have no issue in development mode.

Keep default the secrets.yml file
# config/secrets.yml
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
aws_secret: abcde
some_password: abcdex
development:
secret_key_base: static_secret_key
aws_secret: abcde
test:
secret_key_base: static_test_secret_key
#not_indented: key for all env in once
secret_key_base: global_key_for_all_env
RAILS_ENV=production SECRET_KEY_BASE=production_test_key rails c
If using Rails 5.2.0, add to production env below, check this LINK
config.require_master_key = true #config/environments/production.rb

Rails 5.2.0 requires an extra stage for the production environment:
config.require_master_key = true # in config/environments/production.rb
Without it, Rails still falls back to the legacy secret.yml mechanism (for now).
Engine Yard's Christopher Rigor has written a concise post on it. The relevant piece:
Reading the Credentials
If you want to use the credentials in the production environment, add the following to config/environments/production.rb
config.require_master_key = true
A good read to also see up and down sides.
Note: As #TomDogg found out, Rails 5.2.1 seems again different, so this answer may only apply to 5.2.0.

config/credentials.yml.enc:
development:
some_username: XXXXXXXXX
some_password: YYYYYYYYY
test:
some_username: XXXXXXXXX
some_password: YYYYYYYYY
production:
some_username: XXXXXXXXX
some_password: YYYYYYYYY
secret_key_base: ZZZZZZZZZ
# `secret_key_base:` must NOT be indented !
# It must be put at the very start of a new line.
# There is also no need for it in development or test environment,
# since there are no attacks to be expected.
Also make sure that you respect all YAML indention rules (i.e. 2 spaces only) as failing to do so my make loading of this file fail silently.

There are no production: development: and test: environment tags in the credentials file. Further information in this DHH's post: https://github.com/rails/rails/pull/30067
So write directly
secret_key_base: xxxxxxxxxxxxxxxxxxxxxxx
Please don't confuse master key with the secret key base. The master key is used to open the credentials encrypted file.
Switching back to the previous secrets system should not be the solution, nor the accepted answer.

Secret_key_base isn't properly setting.
It's a known issue not getting enough attention: https://github.com/rails/rails/issues/32947
Generate the keys with:
EDITOR=vim rails credentials:edit
Record the key.
Save in config/master.key.
SECRET_KEY_BASE=`cat config/master.key` bin/rails assets:precompile
This is the solution I came to. I really don't like how I've been forced to put it though an environment variable. If someone has more information to bring to my attention on how master.key and such work, please do comment.

Avoid putting secret_key_base under environment tag. Put it above it.
This is wrong:
production:
secret_key_base: xxxxxxxxxxxxxxxxxxxxxxx
some_other_key: xxx
Try this instead:
secret_key_base: xxxxxxxxxxxxxxxxxxxxxxx
production:
some_other_key: xxx

I ran into this problem when deploying my rails app to dokku using a Dockerfile. My solution:
the file config/secrets.yml references an environment variable:
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
I need to set this variable using the dokku command line (either directly on the server, or using the dokku-cli gem on my development machine):
dokku config:set SECRET_KEY_BASE=blalbalblablahblablah

I experienced this same issue when working on a Rails 5.2 application in production.
I already had other things set up. The problem for me was not that the secret_key_base wasn't set properly, it was rather because of the Passing the environment's name as a regular argument like below is deprecated
rails c RAILS_ENV=production
If you look at your error log generated closely from its top you will see this:
DEPRECATION WARNING: Passing the environment's name as a regular argument is deprecated and will be removed in the next Rails version. Please, use the -e option instead. (called from at bin/rails:9)
To run the rails console in a different environment, use the -e option like this:
rails console -e production
Note: Setting the secret_key_base in the secrets.yml file is not safe, as it's not a secure way of storing the key, please use the encrypted credential.yml file and the master key to decrypt it.
That's all.
I hope this helps

Rails 5.2 Encrypted credentials for production environment

I have created the new Rails app with the version of 5.2. Rails 5.2 introduced the encryption feature for the secrets.
I have configured the secret key in devise.rb file
config.secret_key = Rails.application.credentials[Rails.env.to_sym][:secret_key_base]
and also added the secret_key's for all environments using
EDITOR=vim rails credentials:edit
development:
secret_key_base: absdss
test:
secret_key_base: 123232
production:
secret_key_base: 123456
after the saving the credentials i can able to get the secret_key's in the rails console in local
Output in rails console:
Running via Spring preloader in process 44308
Loading development environment (Rails 5.2.0)
2.5.1 :001 > Rails.application.credentials.development[:secret_key_base]
=> "absdss"
The credentials are not working on production server, we are using CI/CD in gitlab for deployment stages, when i run the
rails db:create db:migrate
i am getting the following error
> rails db:create db:migrate
---> Running in 1563453ddf2a
rails aborted!
NoMethodError: undefined method `[]' for nil:NilClass
/usr/src/app/config/initializers/devise.rb:12:in `block in <main>'
/usr/local/bundle/gems/devise-4.4.3/lib/devise.rb:307:in `setup'
/usr/src/app/config/initializers/devise.rb:5:in `<main>'
/usr/local/bundle/gems/bootsnap-1.3.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:50:in `load'
Now the question is how to set the RAILS_MASTER_KEY to production server?

Im sharing few points which may help you
Encrypted credentials offer a few advantages over plaintext credentials or environment variables
Rails 5.1 introduced encrypted secrets
config/secrets.yml.key
config/secrets.yml.enc
Rails 5.2 replaces both secrets with encrypted credentials
config/credentials.yml.enc
config/master.key
config/master.key file is created while creating a rails project
Encryption key(master.key) is git ignored
In production
config/environments/production.rb
config.require_master_key = true
Can’t decrypt your credentials without the key
Managing the Key
a. scp or sftp the file
b. If you need to give a developer a copy of the key then You can use a password manager because they use encryption.
c. I used last pass for managing the master key file
The key used to encrypt credentials is different from the secret key base.
The key on master.key is used to encrypt and decrypt all credentials. It does not replace the secret key base.
The secret key base is required by Rails. If you want to generate a new secret key base run,
bin/rails secret
and add that to your credentials by running bin/rails credentials:edit.

You can put your master key as MASTER_KEY secret variable in Gitlab CI/CD Settings and then put
echo "$MASTER_KEY" > config/master.key
in before_script section of your .gitlab-ci.yml file.

Rails.application.credentials.development&.dig(:secret_key_base)
try this instead.

Missing secret_token and secret_key_base for production environment, set these values in config/secrets.yml

I get this error
Missing secret_token and secret_key_base for 'production'
environment, set these values in config/secrets.yml
And I added my .yml files to .gitignore.
I deployed to heroku

You should commit your secret.yml file to your repository, but do not include your production key. Instead, set your production key from an environment variable, like this:
development:
secret_key_base: xxxx
test:
secret_key_base: yyyy
# Do not keep production secrets in the repository,
# instead read values from the environment.
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
Then generate a new secret key and set your ENV variable for Heroku like this:
$ rails secret
d3039b9b62a7311...
$ heroku config:set SECRET_KEY_BASE="d3039b9b62a7311..."
Or if you're into one-liners:
$ heroku config:set SECRET_KEY_BASE=`rails secret`

Missing `secret_token` and `secret_key_base` for 'development' environment, set these values in `config/secrets.yml`

When I try to run rails server command I get the error
How to solve it?
My config/environments/development.rb
Rails.application.configure do
config.secret_key_base = ENV["SECRET_KEY_BASE"]
#Some stuff
end
And I don't have the secret.yml file in my folder.

Then create one:
config/secrets.yml
# be sure to restart your server when you modify this file...
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
development:
secret_key_base: asdflkjasdlfkjasldfkj
test:
secret_key_base: asdflkhasldfhlhaskdlflakhsdf
production:
secret_key_base: 523lk5h2lkjlj6nlk4n6lk4
obviously don't use those keys above ^ just mash on your keyboard, or use rake secret to generate one :)

You skipped one installation step.
For Redmine 2 and 3 versions, type:
RAILS_ENV=production bundle exec rake generate_secret_token

The following solution helped me:
Create a secrets.yml file in your config directory.
In your terminal, type the following command: rake secret. This will generate a secret for you to include in your secrets.yml file.
Add the following snippet of code to your config/secrets.yml file:
development:
secret_key_base: PASTE_YOUR_GENERATED_SECRET_HERE

My solution to the problem is creating a new project then copy the 'secrets.yml` from the newly generated app into the old project.
rails new TmpApp
cd TmpApp/config
cp secrets.yml /Path/to/old/project/config/

I encountered this same issue with Redmine. There is a Rake task to generate it. It does not need to go into a Yaml file. It goes into a secret_tocken.rb file in the initializers folder.

Unable to set secret_key_base for the production environment in Ruby on Rails 4.1.4 application running on Heroku

I am unable to set secret_key_base for the production environment in Ruby on Rails 4.1.4 application running on Heroku.
Here are the steps that I've tried to do:
Run rake secret and copy the secret key to the clipboard
Run heroku config:set SECRET_KEY_BASE=%SECRET_KEY%
It returns success and Heroku lists this environment variable in the dashboard on the site, but the application still thinks that the secret key was not provided:
Missing secret_key_base for 'production' environment, set this value
in config/secrets.yml
Why? What am I doing wrong? How can I fix it?
Thanks in advance.

Add config/secrets.yml to version control and deploy again. You might need to remove a line from .gitignore so that you can commit the file.
.gitignore Github created for my Rails application included config/secrets.yml
OR
Follow this steps:
$ heroku config (run this command in your terminal)
Copy value from SECRET_KEY_BASE
paste value to secrets.yml file in place of <%= ENV["SECRET_KEY_BASE"] %> (without any quote)
e.g
production:
secret_key_base: b1de60dd9e00816d0569c5ce3f8dbaa3c8ea4a7606120dc66cXXXXXXXXXXXXXXXXXXXXXX
re-deploy
Note: Actually this is not safe but in-case you just wanted to run your app temporary in production mode for testing or in emergency condition
I hope it works for you...

What is in your config/secrets.yml? For production it should contain the lines:
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>