Running a rails server in production locally (InvalidMessage error)

Question

I'm running Ruby 2.5.1 and Rails 5.2.0. I ran rails s -e production, and it gives this error:

/home/roy/.rbenv/versions/2.5.1/lib/ruby/gems/2.5.0/gems/activesupport-5.2.0/lib/active_support/message_encryptor.rb:206:in `rescue in_decrypt': ActiveSupport::MessageEncryptor::InvalidMessage (ActiveSupport::MessageEncryptor::InvalidMessage) 

How do I do this properly?

---

EDIT: The same error appears whenever I try to edit the credentials file using

EDITOR="nano --wait" bin/rails credentials:edit 

Also I realized that I didn't create a production database yet so I tried that using

RAILS_ENV=production bundle exec rails db:reset 

(I know db:reset is a bit redundant but it should work trying to create, migrate and seed a server)

Sadly I get the same kind of error (InvalidMessage error)

Unsupported rails environment for compass rake aborted! ActiveSupport::MessageEncryptor::InvalidMessage: ActiveSupport::MessageEncryptor::InvalidMessage /home/roy/apps/myappname/config/environment.rb:5:in `<main>' /home/roy/.rbenv/versions/2.5.1/bin/bundle:23:in `load' /home/roy/.rbenv/versions/2.5.1/bin/bundle:23:in `<main>'  Caused by: OpenSSL::Cipher::CipherError:  /home/roy/apps/myappname/config/environment.rb:5:in `<main>' /home/roy/.rbenv/versions/2.5.1/bin/bundle:23:in `load' /home/roy/.rbenv/versions/2.5.1/bin/bundle:23:in `<main>' Tasks: TOP => db:create => db:load_config => environment 

Answer 1

Okay I got it working finally.

I simply deleted my master.key and credentials.yml.enc files and then ran

bin/rails credentials:edit 

Which created new files. After that everything worked fine.

I don't really understand why it works though. Can anyone give a good explanation for this?

Answer 2

It appears your solution of removing the master.key and credentials.yml.enc indicates you are running Rails 5.2. This setup changed from a similar encrypted secrets.yml.enc file used in Rails 5.1.

The goal is to allow committing secret keys (AWS, Rails' secrect_key_base) to a project's code repository. These would typically be set with ENV variables. Now collaborators need only share the master.key that was generated to decrypt and modify or read the contents of credentials.yml.enc.

When you removed both the master.key and credentials.yml.enc files, rails generated a new pair, now you were able to decrypt credentials.yml.enc and this file was initialized with a new Rails secret_key_base value needed to avoid the ActiveSupport::MessageEncryptor::InvalidMessage. If you track down the source of that message, it's likely referencing the Rails credentials secret key base: Rails.application.credentials.secret_key_base.

These are nice write ups on the topic:
https://medium.com/cedarcode/rails-5-2-credentials-9b3324851336 https://www.engineyard.com/blog/rails-encrypted-credentials-on-rails-5.2