Rails: How to set secret key for Devise in Rails?

I added the Devise gem then followed the instructions and ran rails generate devise:install, the result was the following:
/usr/local/rvm/gems/ruby-1.9.3-p194/gems/devise-3.2.4/lib/devise/rails/routes.rb:487:in `raise_no_secret_key': Devise.secret_key was not set. Please add the following to your Devise initializer: (RuntimeError)
config.secret_key = 'abc123'
Please ensure you restarted your application after installing Devise or setting the key.
How do I 'restart' my application? And how and where do I set the secret key?

In order to generate a secret run:
bundle exec rake secret
and copy the result from the console to the devise initializer (config/initializers/devise.rb)
config.secret_key = '4fce3c1c860216b8......'

You need to add a line to your config/initializers/devise.rb to set the secret key (replace the example value below with a more secure and random key):
config.secret_key = 'yoursecretkey'
After that, just stop your Rails server and start it again. Also see this Stack Overflow question.

Related

Devise.secret_key was not set error when attempting to push to heroku

I am trying to push my project to heroku and I am getting the error below. I have already tried inserting the secret key into my devise.rb file and I am still unable to push my project. What could be the cause of this?
Devise.secret_key was not set. Please add the following to your Devise initializer:
remote:
remote: config.secret_key = '58216f7aa3031f4abcf97b44a526911b4aacf005ffd09c2243cc125d23a01b1d27e941ea4a627f33b6802d3ec821e55ffcf2f609ee570a98b4cb445ccbd29820'
When you set up Devise it doesn't automatically have a secret key set. It's commented out.
If you take a look at the Devise initializer config/initializers/devise.rb on line 11, you'll see something like this:
# config.secret_key = 'token'
If you uncomment this and push to GitHub, then Heroku, everything should push correctly.
Try specifying where Devise should look for the secret key inside your devise.rb file:
config.secret_key = Rails.application.credentials.secret_key_base
or
config.secret_key = Rails.application.secret_key_base

Rails 5.2 Encrypted credentials for production environment

I have created a new Rails app with version 5.2. Rails 5.2 introduced an encryption feature for secrets.
I have configured the secret key in the devise.rb file
config.secret_key = Rails.application.credentials[Rails.env.to_sym][:secret_key_base]
and also added the secret keys for all environments using
EDITOR=vim rails credentials:edit
development:
  secret_key_base: absdss
test:
  secret_key_base: 123232
production:
  secret_key_base: 123456
After saving the credentials, I am able to get the secret keys in the Rails console locally.
Output in rails console:
Running via Spring preloader in process 44308
Loading development environment (Rails 5.2.0)
2.5.1 :001 > Rails.application.credentials.development[:secret_key_base]
=> "absdss"
The credentials are not working on the production server. We are using CI/CD in GitLab for the deployment stages; when I run
rails db:create db:migrate
I am getting the following error:
> rails db:create db:migrate
---> Running in 1563453ddf2a
rails aborted!
NoMethodError: undefined method `[]' for nil:NilClass
/usr/src/app/config/initializers/devise.rb:12:in `block in <main>'
/usr/local/bundle/gems/devise-4.4.3/lib/devise.rb:307:in `setup'
/usr/src/app/config/initializers/devise.rb:5:in `<main>'
/usr/local/bundle/gems/bootsnap-1.3.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:50:in `load'
Now the question is: how do I set RAILS_MASTER_KEY on the production server?
I'm sharing a few points which may help you.
Encrypted credentials offer a few advantages over plaintext credentials or environment variables
Rails 5.1 introduced encrypted secrets
config/secrets.yml.key
config/secrets.yml.enc
Rails 5.2 replaces both secrets with encrypted credentials
config/credentials.yml.enc
config/master.key
config/master.key file is created while creating a rails project
Encryption key(master.key) is git ignored
In production
config/environments/production.rb
config.require_master_key = true
Can’t decrypt your credentials without the key
Managing the Key
a. scp or sftp the file
b. If you need to give a developer a copy of the key, then you can use a password manager because they use encryption.
c. I used LastPass for managing the master key file
The key used to encrypt credentials is different from the secret key base.
The key on master.key is used to encrypt and decrypt all credentials. It does not replace the secret key base.
The secret key base is required by Rails. If you want to generate a new secret key base run,
bin/rails secret
and add that to your credentials by running bin/rails credentials:edit.
You can put your master key as MASTER_KEY secret variable in Gitlab CI/CD Settings and then put
echo "$MASTER_KEY" > config/master.key
in before_script section of your .gitlab-ci.yml file.
Rails.application.credentials.development&.dig(:secret_key_base)
try this instead.
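
The nil failure in the question's stack trace, and the &.dig guard suggested in the last answer, carried through as an added example (not code from the original posts): a plain-Ruby resolver that prefers the environment, falls back to per-environment credentials, and fails with a clear message when the key is missing or too short. resolve_secret_key, describe and the sample values are assumptions made for illustration.

```ruby
# Added example: plain Ruby, no Rails needed. The `credentials` Hash stands in for
# Rails.application.credentials; `resolve_secret_key` is a hypothetical helper.
require "securerandom"

class MissingSecretError < StandardError; end

MIN_SECRET_LENGTH = 30 # floor recommended in the comments of the generated secrets.yml

# Prefer SECRET_KEY_BASE from the environment, then the per-environment credentials
# entry. Raise a descriptive error rather than NoMethodError on nil.
def resolve_secret_key(rails_env:, env: ENV, credentials: {})
  candidate = env["SECRET_KEY_BASE"].to_s
  # dig returns nil when the environment section is absent (e.g. nothing decrypted)
  candidate = credentials.dig(rails_env.to_sym, :secret_key_base).to_s if candidate.empty?

  if candidate.empty?
    raise MissingSecretError, "no secret_key_base for '#{rails_env}': set SECRET_KEY_BASE " \
                              "or add it to credentials and supply the master key"
  end
  if candidate.length < MIN_SECRET_LENGTH
    raise MissingSecretError, "secret_key_base for '#{rails_env}' is #{candidate.length} " \
                              "characters; generate a new one with `bin/rails secret`"
  end
  candidate
end

# Constructed inputs: the short value mirrors the question's credentials file.
WEAK_CREDENTIALS = { production: { secret_key_base: 123456 } }.freeze
STRONG_KEY       = SecureRandom.hex(64) # same shape as `rails secret` output

# Returns the key length on success, or the error message on failure.
def describe(**args)
  resolve_secret_key(**args).length
rescue MissingSecretError => e
  e.message
end

puts describe(rails_env: "production", env: {}, credentials: {})
puts describe(rails_env: "production", env: {}, credentials: WEAK_CREDENTIALS)
puts describe(rails_env: "production", env: { "SECRET_KEY_BASE" => STRONG_KEY })
```

In config/initializers/devise.rb the same check would wrap whatever source the application uses, so a missing master key or a wrong RAILS_ENV shows up as a named error at boot.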

"Devise.secret_key was not set." deploying to Openshift

First, I'm aware this question has been asked and answered several times before - I have tried the solutions given, and had no luck.
I'm running Ruby 2.0.0 Rails 4.2.6, Devise ~> 3.5, and deploying to Redhat Openshift. Whenever I try to deploy (or similarly invoke Rails, such as with bundle exec rails c while ssh'd in) I get the following error:
Devise.secret_key was not set. Please add the following to your Devise initializer:
config.secret_key = '2d229ab5ed60d38692a890544be96c8108040e18e4653832e2688dc1bed378afe6ef0f3386692f3c9b65336aba5b8e8e500accc2eadc6e70d6bc6c92f41c97fb'
Please ensure you restarted your application after installing Devise or setting the key.
As I understand it, Devise under Rails 4+ will use Rails.secret_key_base as its secret key, which I'm pretty sure I have set. I have just the following occurrence of secret_key in my repo:
production.rb
Rails.application.configure do
  # Secret key base
  config.secret_key_base = ENV["SECRET_KEY_BASE"]
end
I have verified that the environment key is set on Openshift, in the Rails context:
[ repo]> bundle exec env | grep SECRET_KEY
SECRET_KEY_BASE=c509...
I have also tried being more explicit with setting the key into Devise:
Devise.setup do |config|
  # The secret key used by Devise. Devise uses this key to generate
  # random tokens. Changing this key will render invalid all existing
  # confirmation, reset password and unlock tokens in the database.
  # Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key`
  # by default. You can change it below and use your own secret key.
  config.secret_key = ENV["SECRET_KEY_BASE"] if Rails.env == 'production'
end
..but I still get the same error.
What have I missed?
Well, I feel silly. I hadn't set RAILS_ENV, so it was running as development. A simple:
rhc set-env RAILS_ENV=production
sorted everything out.

How do I set secrets

Long story short, I decided to use a VM for development in addition to my local machine.
So when I pulled my source code inside that VM and ran rspec, I received the following output:
action#rails:~/workspace(master)$ rspec
/home/action/.rvm/gems/ruby-2.0.0-p451/gems/devise-3.2.3/lib/devise/rails/routes.rb:481:in `raise_no_secret_key': Devise.secret_key was not set. Please add the following to your Devise initializer: (RuntimeError)
config.secret_key = '...'
I've added the key, but now I have the following errors in specs:
2) Password pages user views his passwords
Failure/Error: sign_in user
RuntimeError:
Missing `secret_key_base` for 'test' environment, set this value in `config/secrets.yml`
# ./spec/support/login_macros.rb:3:in `sign_in'
# ./spec/features/account_pages_spec.rb:7:in `block (2 levels) in <top (required)>'
What should be inside that file?
I just installed rails 4.1 and created a new project. The following is the default generated content of config/secrets.yml:
# Be sure to restart your server when you modify this file.
# Your secret key is used for verifying the integrity of signed cookies.
# If you change this key, all old signed cookies will become invalid!
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
# You can use `rake secret` to generate a secure secret key.
# Make sure the secrets in this file are kept private
# if you're sharing your code publicly.
development:
  secret_key_base: 83aa0c7d6e2ed4574099514eb64bc3896fb8a71a344935fbd54705e0dd65adb897bc062fe477d03395a4d65675c833ba73ed340166be3874bfc01f43d6076385
test:
  secret_key_base: 513fb7657945b56098db290394bf23f5e11463c473fb228719428a30fd34b8b899dff3f6173c32d7e6bc028dc3276f15dcba11b684d27983d8203fb5634ce8ae
# Do not keep production secrets in the repository,
# instead read values from the environment.
production:
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
You can generate a new key using rake secret and then update the value of config.secret_key.
$ rake secret
Use the output of the above command as the value for config.secret_key, usually placed in config/initializers/devise.rb for Devise. Restart the Rails server if you are using that as well.

Rails 4.1 pushing secrets to heroku

Rails 4.1.0.beta1 and Devise.
I'm trying to remove all of my keys from version control and I've upgraded to Rails 4.1 to give this new secrets.yml a shot
Trying to push Devise's config.secret_key to heroku but it's failing after assets:precompile
Preparing app for Rails asset pipeline
Running: rake assets:precompile
rake aborted!
Devise.secret_key was not set. Please add the following to your Devise initializer:
config.secret_key = 'EXAMPLE_KEY_HERE'
Please ensure you restarted your application after installing Devise or setting the key.
Here are my changes, the old code I'll leave in comments. (it works)
devise.rb
# config.secret_key = 'THIS_IS_A_FAKE_KEY' #<---this_is_commented_out
config.secret_key = Rails.application.secrets.devise_secret_key
secrets.yml
production:
  devise_secret_key: 'THIS_IS_A_FAKE_KEY'
then ran heroku labs:enable user-env-compile -a myapp (not sure if that's necessary)
and then when I push to my forked heroku environment git push forked master I get the above error.
I also noticed some discussion on this in this Devise repo so I figured I'd update my gem alongside the source repo, no difference. Here's part of that discussion (here).
You've likely got secrets.yml added to your .gitignore. Which makes sense, since you put secret keys in it -- but since Heroku deployment uses git, it never sees your secrets.yml.
One solution is to use the heroku_secrets gem - See https://stackoverflow.com/a/22458102/2831572 .
Another solution is to add secrets.yml to git (i.e. remove it from .gitignore) after replacing all sensitive keys with references to environment variables.
So:
production:
  devise_secret_key: <%= ENV['DEVISE_KEY'] %>
then run heroku config:set DEVISE_KEY='7658699e0f765e8whatever'
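
A check for the trade-off the answers above describe, a literal key in the initializer or YAML versus a reference to the environment, written as an added example that is not from the original posts. hardcoded_secrets and the sample file contents are constructed for illustration; entries under development and test are skipped because Rails generates those for local use.

```ruby
# Added example: flags secrets committed as literals in the files this page
# discusses. `hardcoded_secrets` is a hypothetical helper, not a Rails/Devise API.
INITIALIZER_LITERAL = /^\s*config\.secret_key(?:_base)?\s*=\s*['"]/
YAML_SECTION        = /^(\w+):\s*$/
YAML_SECRET         = /^\s+(\w*secret_key\w*):\s*(\S.*)$/
LOCAL_ONLY_ENVS     = %w[development test].freeze # keys Rails generates for local use

# files: { path => content }. Returns [[path, line_number, reason], ...].
def hardcoded_secrets(files)
  findings = []
  files.each do |path, content|
    section = nil
    content.each_line.with_index(1) do |line, number|
      next if line.strip.start_with?("#") # commented-out template line
      if path.end_with?(".rb")
        findings << [path, number, "literal key in initializer"] if line =~ INITIALIZER_LITERAL
      elsif path.end_with?(".yml")
        section = Regexp.last_match(1) if line =~ YAML_SECTION
        match = line.match(YAML_SECRET)
        next if match.nil? || LOCAL_ONLY_ENVS.include?(section)
        next if match[2].start_with?("<%=") # ERB lookup of ENV, nothing literal
        findings << [path, number, "literal #{match[1]} under #{section}"]
      end
    end
  end
  findings
end

# Constructed sample inputs modelled on the snippets quoted on this page.
SAMPLE_FILES = {
  "config/initializers/devise.rb" => <<~RUBY,
    Devise.setup do |config|
      # config.secret_key = 'token'
      config.secret_key = 'THIS_IS_A_FAKE_KEY'
    end
  RUBY
  "config/secrets.yml" => <<~YAML
    test:
      secret_key_base: constructed_test_value
    production:
      secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
      devise_secret_key: 'THIS_IS_A_FAKE_KEY'
  YAML
}.freeze

hardcoded_secrets(SAMPLE_FILES).each { |path, line, why| puts "#{path}:#{line}: #{why}" }
```

Run against the staged versions of config/initializers/devise.rb and config/secrets.yml, a non-empty result is a reason to stop the commit and move the value into an environment variable or encrypted credentials.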
