Here are the docs for environmental security on rails https://guides.rubyonrails.org/security.html#environmental-security
In your case, you should have these files
config/master.key
config/credentials.yml.enc
Delete those files and then you can generate with this:
rails credentials:edit
Now the file master.key is ignored by your version control because it is the key rails use to decrypt the .enc, just commit your credentials.yml.enc and push it to heroku.
For master.key on heroku you can define the environment variable RAILS_MASTER_KEY on your heroku app and put the value of master.key on it.
Now to access the environments variables that you defined on your .enc file you must access through Rails.application.credentials
ActionMailer::Base.smtp_settings = {
:address => 'smtp.sendgrid.net',
:port => '587',
:authentication => :plain,
:user_name => Rails.application.credentials.SENDGRID_USERNAME,
:password => Rails.application.credentials.SENDGRID_PASSWORD,
:domain => 'heroku.com',
:enable_starttls_auto => true
}
rm -rf config/credentials.yml.enc
EDITOR="mate --wait" bin/rails credentials:edit
Hope it's helpful.
the only way for me was to renew my master key.
This post help me https://github.com/rails/rails/issues/32718
I had this issue when working on a Rails 6 application in Ubuntu 20.04.
The issue was that I was setting/specifying a wrong RAILS_MASTER_KEY
environment variable in my .env
files in development (.env
, .env.development
). I just wanted to use it as a placeholder temporarily since I did not need it in my development environment.
This was then throwing the error below when I run a rails command, say rails generate uploader ProductImage
:
`rescue in _decrypt': ActiveSupport::MessageEncry ptor::InvalidMessage (ActiveSupport::MessageEncryptor::InvalidMessage)
And even when I try generating a new master.key
and the credentials.yml.enc
files using rails credentials:edit
or EDITOR="code --wait" bin/rails credentials:edit
it throws the error below:
key=': key must be 16 bytes (ArgumentError)
Here's how to fix it:
What you have to do is to either provide the correct RAILS_MASTER_KEY
environment variable in the .env
file(s) or comment out the RAILS_MASTER_KEY
environment variable if you are not using it.
That's it.
I hope this helps
For me, it was because the environmental variable (found in the Heroku Settings page in the 'Config Vars' section) held an outdated master key.
Starting with Rails 6, you can have credentials per environment. So, I had credentials for production that differed from those in development; and both of these credentials have their own master key.
The one found here: config/master.key
, is for the standard credentials file: config/credentials.yml.enc
. The credentials file for production found here: config/credentials/production.yml.enc
is encrypted with the production.key
found in the same folder here: config/credentials/production.key
.
I updated the key in Heroku in the Config Vars to the new production.key
and everything deployed correctly.
I hope that this helps. Happy Coding!
*Also, I would recommend, after updating any Config Vars, to restart your dynos on Heroku. This insures that any new environmental variables are taken into account.
To do this, click on the 'More' button in the top right of any page, and then click on 'Restart all dynos'.
You need to ask for the master key to you project leader / team leader / coworkers.
With that long key like 3823729sdad29323832idsd you copy it and paste it the master.key file under config folder.
That solve the issue.
I also faced the same problems a few moments later. Also, find a solution for me! basically, I'm using an android device for developing a Ruby on Rails app. the solution is: go to the app config directory. Then backup and remove the following files:
master.key
credentials.yml.enc
then go to terminal or on android, go to termux and write the command on app directory (must check you are on the rails app directory):
$ EDITOR=nano rails credentials:edit
you can also use other editors like Atom on desktops. now a new master.key and temporary non-encrypted credentials file will be created in terminal or termux (for android users). then press "ctrl+x" then "y" And then press enter, then the temporary non-encrypted credential file will be encrypted. now try to do your work. Now you might get a successful output. That's all. Happy Coding.
Notes: some points I get help for writing this answer from: https://github.com/rails/rails/issues/32718
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With