Long story short, I decided to use VM for development in addition to my local machine.
So when I pulled my source code inside that VM and ran rspec I received following output:
action#rails:~/workspace(master)$ rspec
/home/action/.rvm/gems/ruby-2.0.0-p451/gems/devise-3.2.3/lib/devise/rails/routes.rb:481:in `raise_no_secret_key': Devise.secret_key was not set. Please add the following to your Devise initializer: (RuntimeError)
config.secret_key = '...'
I've added the key, but now I have following errors in specs:
2) Password pages user views his passwords
Failure/Error: sign_in user
RuntimeError:
Missing `secret_key_base` for 'test' environment, set this value in `config/secrets.yml`
# ./spec/support/login_macros.rb:3:in `sign_in'
# ./spec/features/account_pages_spec.rb:7:in `block (2 levels) in <top (required)>'
What should be inside that file?
I just installed rails 4.1 and created a new project. The following is the default generated content of config/secrets.yml:
# Be sure to restart your server when you modify this file.
# Your secret key is used for verifying the integrity of signed cookies.
# If you change this key, all old signed cookies will become invalid!
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
# You can use `rake secret` to generate a secure secret key.
# Make sure the secrets in this file are kept private
# if you're sharing your code publicly.
development:
secret_key_base: 83aa0c7d6e2ed4574099514eb64bc3896fb8a71a344935fbd54705e0dd65adb897bc062fe477d03395a4d65675c833ba73ed340166be3874bfc01f43d6076385
test:
secret_key_base: 513fb7657945b56098db290394bf23f5e11463c473fb228719428a30fd34b8b899dff3f6173c32d7e6bc028dc3276f15dcba11b684d27983d8203fb5634ce8ae
# Do not keep production secrets in the repository,
# instead read values from the environment.
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
You can generate a new key using rake secret then updating the value of config.secret_key.
$ rake secret
Use the output of the above command as the value for config.secret_key usually placed in config/initializers/devise.rb for devise. Restart rails server if you are using that as well.
Related
I simply can't get past the message:
Missing `secret_key_base` for 'production' environment, set this string with `rails credentials:edit` (ArgumentError)
I have Rails 5.2.0, and ran
EDITOR=vim rails credentials:edit
and inside:
production:
secret_key_base: xxxxxxxxxxxxxxxxxxxxxxx
Save and, in the terminal:
RAILS_ENV=production rails c
Am I missing something? I've restarted the server and got the same issue, but have no issue in development mode.
Keep default the secrets.yml file
# config/secrets.yml
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
aws_secret: abcde
some_password: abcdex
development:
secret_key_base: static_secret_key
aws_secret: abcde
test:
secret_key_base: static_test_secret_key
#not_indented: key for all env in once
secret_key_base: global_key_for_all_env
RAILS_ENV=production SECRET_KEY_BASE=production_test_key rails c
If using Rails 5.2.0, add to production env below, check this LINK
config.require_master_key = true #config/environments/production.rb
Rails 5.2.0 requires an extra stage for the production environment:
config.require_master_key = true # in config/environments/production.rb
Without it, Rails still falls back to the legacy secret.yml mechanism (for now).
Engine Yard's Christopher Rigor has written a concise post on it. The relevant piece:
Reading the Credentials
If you want to use the credentials in the production environment, add the following to config/environments/production.rb
config.require_master_key = true
A good read to also see up and down sides.
Note: As #TomDogg found out, Rails 5.2.1 seems again different, so this answer may only apply to 5.2.0.
config/credentials.yml.enc:
development:
some_username: XXXXXXXXX
some_password: YYYYYYYYY
test:
some_username: XXXXXXXXX
some_password: YYYYYYYYY
production:
some_username: XXXXXXXXX
some_password: YYYYYYYYY
secret_key_base: ZZZZZZZZZ
# `secret_key_base:` must NOT be indented !
# It must be put at the very start of a new line.
# There is also no need for it in development or test environment,
# since there are no attacks to be expected.
Also make sure that you respect all YAML indention rules (i.e. 2 spaces only) as failing to do so my make loading of this file fail silently.
There are no production: development: and test: environment tags in the credentials file. Further information in this DHH's post: https://github.com/rails/rails/pull/30067
So write directly
secret_key_base: xxxxxxxxxxxxxxxxxxxxxxx
Please don't confuse master key with the secret key base. The master key is used to open the credentials encrypted file.
Switching back to the previous secrets system should not be the solution, nor the accepted answer.
Secret_key_base isn't properly setting.
It's a known issue not getting enough attention: https://github.com/rails/rails/issues/32947
Generate the keys with:
EDITOR=vim rails credentials:edit
Record the key.
Save in config/master.key.
SECRET_KEY_BASE=`cat config/master.key` bin/rails assets:precompile
This is the solution I came to. I really don't like how I've been forced to put it though an environment variable. If someone has more information to bring to my attention on how master.key and such work, please do comment.
Avoid putting secret_key_base under environment tag. Put it above it.
This is wrong:
production:
secret_key_base: xxxxxxxxxxxxxxxxxxxxxxx
some_other_key: xxx
Try this instead:
secret_key_base: xxxxxxxxxxxxxxxxxxxxxxx
production:
some_other_key: xxx
I ran into this problem when deploying my rails app to dokku using a Dockerfile. My solution:
the file config/secrets.yml references an environment variable:
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
I need to set this variable using the dokku command line (either directly on the server, or using the dokku-cli gem on my development machine):
dokku config:set SECRET_KEY_BASE=blalbalblablahblablah
I experienced this same issue when working on a Rails 5.2 application in production.
I already had other things set up. The problem for me was not that the secret_key_base wasn't set properly, it was rather because of the Passing the environment's name as a regular argument like below is deprecated
rails c RAILS_ENV=production
If you look at your error log generated closely from its top you will see this:
DEPRECATION WARNING: Passing the environment's name as a regular argument is deprecated and will be removed in the next Rails version. Please, use the -e option instead. (called from at bin/rails:9)
To run the rails console in a different environment, use the -e option like this:
rails console -e production
Note: Setting the secret_key_base in the secrets.yml file is not safe, as it's not a secure way of storing the key, please use the encrypted credential.yml file and the master key to decrypt it.
That's all.
I hope this helps
I have created the new Rails app with the version of 5.2. Rails 5.2 introduced the encryption feature for the secrets.
I have configured the secret key in devise.rb file
config.secret_key = Rails.application.credentials[Rails.env.to_sym][:secret_key_base]
and also added the secret_key's for all environments using
EDITOR=vim rails credentials:edit
development:
secret_key_base: absdss
test:
secret_key_base: 123232
production:
secret_key_base: 123456
after the saving the credentials i can able to get the secret_key's in the rails console in local
Output in rails console:
Running via Spring preloader in process 44308
Loading development environment (Rails 5.2.0)
2.5.1 :001 > Rails.application.credentials.development[:secret_key_base]
=> "absdss"
The credentials are not working on production server, we are using CI/CD in gitlab for deployment stages, when i run the
rails db:create db:migrate
i am getting the following error
> rails db:create db:migrate
---> Running in 1563453ddf2a
rails aborted!
NoMethodError: undefined method `[]' for nil:NilClass
/usr/src/app/config/initializers/devise.rb:12:in `block in <main>'
/usr/local/bundle/gems/devise-4.4.3/lib/devise.rb:307:in `setup'
/usr/src/app/config/initializers/devise.rb:5:in `<main>'
/usr/local/bundle/gems/bootsnap-1.3.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:50:in `load'
Now the question is how to set the RAILS_MASTER_KEY to production server?
Im sharing few points which may help you
Encrypted credentials offer a few advantages over plaintext credentials or environment variables
Rails 5.1 introduced encrypted secrets
config/secrets.yml.key
config/secrets.yml.enc
Rails 5.2 replaces both secrets with encrypted credentials
config/credentials.yml.enc
config/master.key
config/master.key file is created while creating a rails project
Encryption key(master.key) is git ignored
In production
config/environments/production.rb
config.require_master_key = true
Can’t decrypt your credentials without the key
Managing the Key
a. scp or sftp the file
b. If you need to give a developer a copy of the key then You can use a password manager because they use encryption.
c. I used last pass for managing the master key file
The key used to encrypt credentials is different from the secret key base.
The key on master.key is used to encrypt and decrypt all credentials. It does not replace the secret key base.
The secret key base is required by Rails. If you want to generate a new secret key base run,
bin/rails secret
and add that to your credentials by running bin/rails credentials:edit.
You can put your master key as MASTER_KEY secret variable in Gitlab CI/CD Settings and then put
echo "$MASTER_KEY" > config/master.key
in before_script section of your .gitlab-ci.yml file.
Rails.application.credentials.development&.dig(:secret_key_base)
try this instead.
First, I'm aware this question has been asked and answered several times before - I have tried the solutions given, and had no luck.
I'm running Ruby 2.0.0 Rails 4.2.6, Devise ~> 3.5, and deploying to Redhat Openshift. Whenever I try to deploy (or similarly invoke Rails, such as with bundle exec rails c while ssh'd in) I get the following error:
Devise.secret_key was not set. Please add the following to your Devise initializer:
config.secret_key = '2d229ab5ed60d38692a890544be96c8108040e18e4653832e2688dc1bed378afe6ef0f3386692f3c9b65336aba5b8e8e500accc2eadc6e70d6bc6c92f41c97fb'
Please ensure you restarted your application after installing Devise or setting the key.
As I understand it, Devise under Rails 4+ will use Rails.secret_key_base as its secret key, which I'm pretty sure I have set. I have just the following occurrence of secret_key in my repo:
production.rb
Rails.application.configure do
# Secret key base
config.secret_key_base = ENV["SECRET_KEY_BASE"]
end
I have verified that the environment key is set on Openshift, in the Rails context:
[ repo]\> bundle exec env | grep SECRET_KEY
SECRET_KEY_BASE=c509...
I have also tried being more explicit with setting the key into Devise:
Devise.setup do |config|
# The secret key used by Devise. Devise uses this key to generate
# random tokens. Changing this key will render invalid all existing
# confirmation, reset password and unlock tokens in the database.
# Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key`
# by default. You can change it below and use your own secret key.
config.secret_key = ENV["SECRET_KEY_BASE"] if Rails.env == 'production'
end
..but I still get the same error.
What have I missed?
Well, I feel silly. I hadn't set RAILS_ENV, so it was running as development. A simple:
rhc set-env RAILS_ENV=production
sorted everything out.
I'm trying to clone a rails repository from github, but it doesn't have a secrets.yml file. When I try to run the app from rails server, I get the error
Missing secret_key_base for 'development' environment, set this value in config/secrets.yml
I know what the structure of the file is supposed to look like, but is there a way for me to generate keys to use the development environment?
This rake task generate secret for you:
bundle exec rake secret
Generate a cryptographically secure secret key (this is typically
used to generate a secret for cookie sessions)
All rake tasks:
bundle exec rake -T
The secrets.yml file(note the indentation):
development:
secret_key_base: d140269c106b6d064cdd670a5aace0bbbb1400de545377a47836dbdab8104f2fdf0ab87e6b7982819d1bcc2ccf6a5f093985a0895970f01f30b0b15378a090e9
some_key: 338a3312d82
some_secret: f5d9c3214e7b
other_environment: development
other_password: password
production:
secret_key_base: d140269c106b6d064cdd670a5aace0bbbb1400de545377a47836dbdab8104f2fdf0ab87e6b7982819d1bcc2ccf6a5f093985a0895970f01f30b0b15378a090e9
some_key: 338a3312d82
some_secret: f5d9c3214e7b
other_environment: development
other_password: password
In Rails 5 you can simply type.
rails secret
This will generate a new key for you. Just copy the key and put it in your secrets.yml file
development:
secret_key_base: <Generated key>
I added the Devise gem then followed the instructions and ran rails generate devise:install, the result was the following:
/usr/local/rvm/gems/ruby-1.9.3-p194/gems/devise-3.2.4/lib/devise/rails/routes.rb:487:in `raise_no_secret_key': Devise.secret_key was not set. Please add the following to your Devise initializer: (RuntimeError)
config.secret_key = 'abc123'
Please ensure you restarted your application after installing Devise or setting the key.
How do I 'restart' my application? And how and where do I set the secret key?
In order to generate a secret run:
bundle exec rake secret
and copy the result from the console to the devise initializer (config/initializers/devise.rb)
config.secret_key = '4fce3c1c860216b8......'
You need to add a line to your config/initializers/devise.rb to set the secret key (replace the example value below with a more secure and random key):
config.secret_key = 'yoursecretkey'
After that just stop your Rails server and start it again. Also see this Stackoverflow question.