I get this error, when running "heroku open"
"Internal Server Error
You must set config.secret_key_base in your app's config."
I've tried everything in this thread:
Heroku Config Secret Key Base Error
Set MyApp::Application.config.secret_token = ENV['SECRET_TOKEN'] in config/initializers/secret_token.rb
Created a .env file with the contents SECRET_TOKEN=NKUd7gisd7fueAISDfg....
Updated my .gitignore file to look like below
What else I have tried:
I added: DemoApp::Application.config.secret_key_base = ENV['SECRET_TOKEN'] to secret_token.rb file
Used figaro to create a application.yml file and pasted SECRET_TOKEN: 9489b3eee4eccf317ed77407553e8adc97baca7c74dc7ee33cd93e4c8b69477eea66eaedeb18af0be2679887c7c69c0a28c0fded0a71ea472a8c4abf3f0a19cb with my own SECRET_TOKEN
ran rake figaro:heroku
I still get the internal server error. Apologies if this is a total nub question, but this is my first try with the "heroku open" command.
Thanks,
David
Ok from heroku staff help turns out that my config/initializers folder was not pushing up to git.
Then these two posts solved it:
Config/initializers not pushing to repo
No submodule mapping found in .gitmodules for path
Best of luck
To set environment variables on Heroku, you need to use the Heroku Toolbelt from on local machine:
heroku config:set SECRET_TOKEN=f489b3eee4eccf317ed77407553e8adc97baca7c74dc7ee33cd93e4c8b69477eea66eaedeb18af0be2679887c7c69c0a28c0fded0a71ea472a8c4abf3f0a19ca
(Obviously, replace the token above with your own)
Then just make sure that you have MyApp::Application.config.secret_token = ENV['SECRET_TOKEN'] in your config/initializers/secret_token.rb file.
See Setting up config vars for a deployed application for further info.
Also make sure that you've added a secret_key_base entry for the production environment in your config/secrets.yml file:
production:
secret_key_base: 527dacc0390e10df59278f1a18aa8ad14e429fa6ce522e5fb3b7ac358007dff4
Don't use the key posted here. You can generate a new one with a rake task and paste it into your config/secrets.yml file
bundle exec rake secrets
Related
I'm running Ruby 2.5.1 and Rails 5.2.0. I ran rails s -e production, and it gives this error:
/home/roy/.rbenv/versions/2.5.1/lib/ruby/gems/2.5.0/gems/activesupport-5.2.0/lib/active_support/message_encryptor.rb:206:in `rescue in_decrypt': ActiveSupport::MessageEncryptor::InvalidMessage
(ActiveSupport::MessageEncryptor::InvalidMessage)
How do I do this properly?
EDIT:
The same error appears whenever I try to edit the credentials file using
EDITOR="nano --wait" bin/rails credentials:edit
Also I realized that I didn't create a production database yet so I tried that using
RAILS_ENV=production bundle exec rails db:reset
(I know db:reset is a bit redundant but it should work trying to create, migrate and seed a server)
Sadly I get the same kind of error (InvalidMessage error)
Unsupported rails environment for compass
rake aborted!
ActiveSupport::MessageEncryptor::InvalidMessage: ActiveSupport::MessageEncryptor::InvalidMessage
/home/roy/apps/myappname/config/environment.rb:5:in `<main>'
/home/roy/.rbenv/versions/2.5.1/bin/bundle:23:in `load'
/home/roy/.rbenv/versions/2.5.1/bin/bundle:23:in `<main>'
Caused by:
OpenSSL::Cipher::CipherError:
/home/roy/apps/myappname/config/environment.rb:5:in `<main>'
/home/roy/.rbenv/versions/2.5.1/bin/bundle:23:in `load'
/home/roy/.rbenv/versions/2.5.1/bin/bundle:23:in `<main>'
Tasks: TOP => db:create => db:load_config => environment
Okay I got it working finally.
I simply deleted my master.key and credentials.yml.enc files and then ran
bin/rails credentials:edit
Which created new files. After that everything worked fine.
I don't really understand why it works though. Can anyone give a good explanation for this?
It appears your solution of removing the master.key and credentials.yml.enc indicates you are running Rails 5.2. This setup changed from a similar encrypted secrets.yml.enc file used in Rails 5.1.
The goal is to allow committing secret keys (AWS, Rails' secrect_key_base) to a project's code repository. These would typically be set with ENV variables. Now collaborators need only share the master.key that was generated to decrypt and modify or read the contents of credentials.yml.enc.
When you removed both the master.key and credentials.yml.enc files, rails generated a new pair, now you were able to decrypt credentials.yml.enc and this file was initialized with a new Rails secret_key_base value needed to avoid the ActiveSupport::MessageEncryptor::InvalidMessage. If you track down the source of that message, it's likely referencing the Rails credentials secret key base: Rails.application.credentials.secret_key_base.
These are nice write ups on the topic:
https://medium.com/cedarcode/rails-5-2-credentials-9b3324851336
https://www.engineyard.com/blog/rails-encrypted-credentials-on-rails-5.2
For Rails 6, I had a multi-environment credentials setup.
One for development, staging, and production.
The master.key works for the main credentials.yml file
The other environments have there own key, so for staging we used the production.key in place of the RAILS_MASTER_KEY config envs on heroku and that fixed it for me.
I had this similar issue when working with a Rails 5 application in production, royketelaar's answer and gib's answer
Just to add a few things:
After deleting the credentials.yml.enc and master.key files,
And running the command below to generate a new secret_key_base, credentials.yml.enc and master.key files (my editor is VS Code and not Nano):
EDITOR="code --wait" bin/rails credentials:edit
Ensure that uncomment the following configuration in your config/environments/production.rb file:
config.require_master_key = true
For your production environment, since the master.key file containing the master key which is used for decrypting the credentials.yml.enc is not recommended to be committed to version system control, save the master key in a RAILS_MASTER_KEY environment variable using the figaro gem.
That's all.
I hope this helps
You need to ask for the master key to you project leader / team leader / coworkers.
With that long key like 63y4gh47373h3733jj474 you copy it and paste it the master.key file under config folder.
That solve the issue.
I added the key into heroku config var, but I'm still getting the error.
Is this the correct way? I ignored secrets.yml as I read from other sources that its not a good idea to push this to the public.
in the heroku config var:
[key] SECRET_KEY_BASE
[value] 3280570382948240938
in secrets.yml
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
What am I still doing wrong?
Furthermore, if I put my secret keys into heroku's config variable, don't other developers get to see this too? So, isn't that still kind of public? I've always wondered this concept.
you can set environment variable with heroku config
first generate secret key with run below command on terminal
rake secret
Now use that key on below command
heroku config:set SECRET_KEY_BASE='put here new generated key'
you can refer this link for more refference
https://devcenter.heroku.com/articles/config-vars
here is a fool-proof way to set the secret key base with heroku:
heroku config:set SECRET_KEY_BASE=$(rake secret)
you can see it with heroku config:get SECRET_KEY_BASE
and check that rails picks it up with Rails.application.secret_key_base (in heroku run rails console for instance)
I had the same issue today, but for me the solution was a bit different. I realized that in my local environment, I had been using:
Rails.application.secrets.secret_key_base
but for Heroku, instead use:
Rails.application.secret_key_base
^This worked in my local environment as well. Not sure what the extra .secrets is for.
When I try to run rails server command I get the error
How to solve it?
My config/environments/development.rb
Rails.application.configure do
config.secret_key_base = ENV["SECRET_KEY_BASE"]
#Some stuff
end
And I don't have the secret.yml file in my folder.
Then create one:
config/secrets.yml
# be sure to restart your server when you modify this file...
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
development:
secret_key_base: asdflkjasdlfkjasldfkj
test:
secret_key_base: asdflkhasldfhlhaskdlflakhsdf
production:
secret_key_base: 523lk5h2lkjlj6nlk4n6lk4
obviously don't use those keys above ^ just mash on your keyboard, or use rake secret to generate one :)
You skipped one installation step.
For Redmine 2 and 3 versions, type:
RAILS_ENV=production bundle exec rake generate_secret_token
The following solution helped me:
Create a secrets.yml file in your config directory.
In your terminal, type the following command: rake secret. This will generate a secret for you to include in your secrets.yml file.
Add the following snippet of code to your config/secrets.yml file:
development:
secret_key_base: PASTE_YOUR_GENERATED_SECRET_HERE
My solution to the problem is creating a new project then copy the 'secrets.yml` from the newly generated app into the old project.
rails new TmpApp
cd TmpApp/config
cp secrets.yml /Path/to/old/project/config/
I encountered this same issue with Redmine. There is a Rake task to generate it. It does not need to go into a Yaml file. It goes into a secret_tocken.rb file in the initializers folder.
I am unable to set secret_key_base for the production environment in Ruby on Rails 4.1.4 application running on Heroku.
Here are the steps that I've tried to do:
Run rake secret and copy the secret key to the clipboard
Run heroku config:set SECRET_KEY_BASE=%SECRET_KEY%
It returns success and Heroku lists this environment variable in the dashboard on the site, but the application still thinks that the secret key was not provided:
Missing secret_key_base for 'production' environment, set this value
in config/secrets.yml
Why? What am I doing wrong? How can I fix it?
Thanks in advance.
Add config/secrets.yml to version control and deploy again. You might need to remove a line from .gitignore so that you can commit the file.
.gitignore Github created for my Rails application included config/secrets.yml
OR
Follow this steps:
$ heroku config (run this command in your terminal)
Copy value from SECRET_KEY_BASE
paste value to secrets.yml file in place of <%= ENV["SECRET_KEY_BASE"] %> (without any quote)
e.g
production:
secret_key_base: b1de60dd9e00816d0569c5ce3f8dbaa3c8ea4a7606120dc66cXXXXXXXXXXXXXXXXXXXXXX
re-deploy
Note: Actually this is not safe but in-case you just wanted to run your app temporary in production mode for testing or in emergency condition
I hope it works for you...
What is in your config/secrets.yml? For production it should contain the lines:
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
I am a rails developer and trying to get familiar with Heroku.
I don't add config/environment.rb to git as environment.rb might be different for each environment.
For example, ENV['RAILS_ENV'] = 'some_env' should be in environment.rb.
However, Heroku requires environment.rb to be in git so that I can push it to Heroku.
Is there a way to just copy environment.rb to Heroku without version-controlling it?
Thanks.
Sam
You always want to keep the environment.rb file checked in. You can set the environment using config variables
heroku config:add RAILS_ENV=some_env
So you store your config with each individual app. You can read any config variables from your application by using ENV[]