Menu
Problem
I am creating a rails 5.2 template. I've created a new project which is a fork of the template. I don't want to use the same config/master.key since this would be shared across X other projects. Is there a way to generate a new key & config/credentials.yml.enc pair? That way I could include a config/credentials.yml.enc.sample and they run rails credentials:new or something then copy the contents over?
Can't find anything in the documentation or google/so searches about this and my alternative is to use the same key across all my public projects :,(
331
Adding credentials# secret_access_key: 345# Used as the base secret for all MessageVerifiers in Rails, including the one protecting cookies. The credentials are stored in the YAML format and can be grouped by nesting keys.. Let's modify this by removing the comments and adding a key and a value.
Your text editor will open an unencrypted version of your credentials. If you don't have EDITOR set, you can run EDITOR=vi bin/rails credentials:edit or use your favorite text editor. After saving the file, the encrypted version will be saved to config/credentials. yml.
We have to do it manually. Copy content of original credentials rails credentials:show somewhere temporarily. Run EDITOR=vim rails credentials:edit in the terminal: This command will create a new master. key and credentials.
To decrypt and view or edit your credentials. yml , you can run rails credentials:edit or EDITOR=vim rails credentials:edit .
https://github.com/rails/rails/blob/master/railties/lib/rails/commands/credentials/USAGE
For applications created prior to Rails 5.2, we'll automatically generate a new credentials file in
config/credentials.yml.encthe first time you runbin/rails credentials:edit. If you didn't have a master key saved inconfig/master.key, that'll be created too.
So I can create a plain text version of the encrypted file to show which keys are required:
foo_api_key: 123
They run bin/rails credentials:edit which generates the key and encrypted file then they copy the keys over to add them to the encrypted file.
147
as described here: https://blog.eq8.eu/til/rails-52-credentials-tricks.html
Regenerate key
Currently there is no “edit password” feature, you need copy original content of the credentials, remove the enc files and regenerate fresh credentials file (source)
note! EDITOR=vim rails credentials:edit may not work if you require credential value in some file (e.g. in config/database.yml)
43
Using @Myk Klemme's answer at https://stackoverflow.com/a/48373368/936494 I was able to successfully re-generate credential files config/credentials.yml.enc, config/master.key.
For that I first removed the existing config/credentials.yml.enc file I got from cloned template-repo and then ran following command
rails_new_app$ EDITOR="mate --wait" bin/rails credentials:edit
which generated following output:
Adding config/master.key to store the encryption key: <encryption_key>
Save this in a password manager your team can access.
If you lose the key, no one, including you, can access anything encrypted with it.
create config/master.key
File encrypted and saved.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
