Menu
I was reading http://edgeguides.rubyonrails.org/upgrading_ruby_on_rails.html
and saw there the trick with config/secrets.yml
I moved my secret_base_keys to that file, and removed secret_token.rb file.
But server doesn't start.
DEPRECATION WARNING: You didn't set config.secret_key_base. Read the upgrade documentation to learn more about this new config option. (called from service at /home/bismailov/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/webrick/httpserver.rb:138)
[2014-01-15 16:15:51] ERROR RuntimeError: You must set config.secret_key_base in your app's config.
I believe that is because I don't use Rails 4.1 yet.
Is there any way to implement this new functionality (secrets.yml) in Rails version 4.0? Maybe some kind of gem...
Thank you very much!
975
Rails 4.1 generates a new secrets. yml file in the config folder. By default, this file contains the application's secret_key_base , but it could also be used to store other secrets such as access keys for external APIs.
The config/secrets. yml should contain the applications secret_key_base . It is also a place to store access tokens, external API keys, configuration options, etc. Then, you just need to copy this key into your secrets.
Rails stores secrets in config/credentials. yml. enc, which is encrypted and cannot be edited directly.
secret_key_base is used to encrypt and sign session.
This secret_key_base deprecation does not seem to have alternative syntax to remove the deprecation warning in a Rails 4.0 application. To satisfy the deprecation, follow the steps for moving the production key to secrets.yml and delete the secret_token.rb file. The implement a YAML loader in your application.rb to extract the token from your secrets.yml file.
Use rake secret to generate a new token for each of your environments. Copy and paste the output to each section of your secrets.yml file.
# config/secrets.yml
development:
secret_key_base: __pasted from rake secret___
test:
secret_key_base: __pasted from rake secret___
production:
secret_key_base: __pasted token from config/initializers/secret_token.rb___
# config/application.rb
# TODO Remove this in Rails 4.1
config.secret_key_base = YAML.load(File.open("#{Rails.root}/config/secrets.yml"))[Rails.env]['secret_key_base']
Cite: https://github.com/rails/rails/pull/13298
UPDATE:
My original post focused on Inspired by @user2998870, I added a method to my application.rb that is allows one to implement multiple secrets, not just secret_key_base. This makes top-level keys accessible as methods e.g. Rails.application.secrets.braintree_merchant_id.
If nested, one can call the nested key value using Rails.application.secrets.braintree['merchant_key'].
Note: The original code above is still needed for secret_key_base to operate correctly in Rails 4.0.
# config/application.rb
def secrets
@secrets ||= begin
yaml = YAML.load(File.open("#{Rails.root}/config/secrets.yml"))[Rails.env]
ActiveSupport::OrderedOptions.new.merge!(yaml.symbolize_keys)
end
end
config/secrets.yml is a feature of Rails 4.1. Upgrade to Rails 4.1 to use the feature.
30
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
