Using credentials.yml with Rails and Heroku

Question

I have an app on Rails 5.2 and it was previously hosted on DigitalOcean, but I need to host it on heroku. I've been reading that heroku can't read Credentials.yml of because it's on gitignore and of course I don't want it public.

So my key variables are like this (and example with redis):

host: Rails.application.credentials.redis_host,
  password: Rails.application.credentials.redis_password

Heroku can't read this. So my question is what is the best approach to change that in to heroku ENV variables? Do I need to edit all my current keys (there about 340) to ENV['SOMEKEY']?

I'll appreciate you help!

Answer 1

Create credentials.yml and master key:

rails credentials:edit 

Edit credentails:

EDITOR=vim rails credentials:edit

WORKING WITH VIM:

• For inserting
• Press i //Do required editing
• For exiting Press Esc
• :wq //for exiting and saving
• :q! //for exiting without saving

EXAMPLE OF HOW CREDENTIALS.YML can look:

development:
   github:
      client: acascascsacascascasc
      secret: vdsvsvg34g34g
production:
   github:
      client: 34g3rvv
      secret: erberb43

FIND A CREDENTIAL:

rails c
Rails.application.credentials.dig(:aws, :access_key_id)

or if an env variable is used

Rails.application.credentials[Rails.env.to_sym][:aws][:access_key_id]

The credentials.yml file should NOT be in gitignore.

The master key that decrypts the credentials SHOULD be in gitignore.

To set your master key in production:

heroku config:set RAILS_MASTER_KEY=123456789

or

heroku config:set RAILS_MASTER_KEY=`cat config/master.key`

That's all you need to know about credentials in Ruby on Rails. Good luck :)

Update: I've created a screencast covering the topic :)