This repository has been archived by the owner on Jun 27, 2020. It is now read-only.
Encrypted Credentials
Keifer Furzland edited this page Oct 11, 2018 · 3 revisions
Rails 5.2 introduces encrypted credentials, which will eventually replace `config/secrets.yml`. This change affects the development & deployment processes.
Some key differences between the `secrets.yml` approach and Rails 5.2 credential management:

- Credentials are now encrypted locally into `config/credentials.yml.enc` rather than configured in environment variables.
- A new key for encryption (`config/master.key`) is now required to encrypt/decrypt. This key is not to be committed to the repository! (It will be ignored by default in git.)
- Configuring credentials is now done with the command `bin/rails credentials:edit`
- Credentials are accessed within the application with `Rails.application.credentials.name_of_credential`

For development purposes, a new developer will need to obtain a copy of the key. This can be shared via a tool like One Time Secret, or via other secure channels (Keybase, encrypted email, etc). Do NOT share this key over Slack or plaintext.

`config/master.key` must be copied to the production server in order for the application to access credentials.

This can happen in one of two ways:

- Copy directly to production securely using `scp` or `sftp`.
- The key can be injected via an environment variable, `RAILS_MASTER_KEY`.
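
A pre-deploy check for the key handling rules above, as an added example that is not part of the original page or of Rails itself. The names `master_key_problems` and `constructed_demo` are hypothetical, and the 32-hex-character key format and the `0600` file mode are assumptions of this example.

```ruby
require "tmpdir"
require "fileutils"

# Assumption: a Rails 5.2 master key is 32 hex characters (16 bytes, AES-128-GCM).
KEY_FORMAT = /\A\h{32}\z/

# Returns a list of problems with how the master key is stored under +root+.
# +env+ is injectable so the check can be exercised without touching ENV.
def master_key_problems(root, env = ENV)
  problems = []
  key_path = File.join(root, "config", "master.key")
  env_key  = env["RAILS_MASTER_KEY"].to_s.strip
  file_key = File.file?(key_path) ? File.read(key_path).strip : ""

  if env_key.empty? && file_key.empty?
    problems << "no key: set RAILS_MASTER_KEY or provide config/master.key"
  end
  # Rails reads the environment variable before the key file.
  active = env_key.empty? ? file_key : env_key
  problems << "key is not 32 hex characters" unless active.empty? || active.match?(KEY_FORMAT)

  if File.file?(key_path)
    mode = File.stat(key_path).mode & 0o777
    problems << format("config/master.key is mode %04o, expected 0600", mode) if (mode & 0o077) != 0
    ignore = File.join(root, ".gitignore")
    rules  = File.file?(ignore) ? File.readlines(ignore).map(&:strip) : []
    unless rules.any? { |r| ["/config/master.key", "config/master.key"].include?(r) }
      problems << "config/master.key is not listed in .gitignore"
    end
  end
  problems
end

# Constructed sample: a throwaway app directory holding a group/world-readable
# key file with no .gitignore entry. The key value is made up for the example.
def constructed_demo
  Dir.mktmpdir do |root|
    FileUtils.mkdir_p(File.join(root, "config"))
    path = File.join(root, "config", "master.key")
    File.write(path, "0123456789abcdef0123456789abcdef\n")
    File.chmod(0o644, path)
    master_key_problems(root, {})
  end
end
```

Call `master_key_problems(Dir.pwd)` from a deploy or CI script and fail the run when the returned list is not empty.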