Login/Register
Running a rails server in production locally (InvalidMessage error)
Asked Answered
Solved ruby-on-railsproduction
H

5

24

I'm running Ruby 2.5.1 and Rails 5.2.0. I ran rails s -e production, and it gives this error:

/home/roy/.rbenv/versions/2.5.1/lib/ruby/gems/2.5.0/gems/activesupport-5.2.0/lib/active_support/message_encryptor.rb:206:in `rescue in_decrypt': ActiveSupport::MessageEncryptor::InvalidMessage
(ActiveSupport::MessageEncryptor::InvalidMessage)

How do I do this properly?

EDIT: The same error appears whenever I try to edit the credentials file using

EDITOR="nano --wait" bin/rails credentials:edit

Also I realized that I didn't create a production database yet so I tried that using

RAILS_ENV=production bundle exec rails db:reset

(I know db:reset is a bit redundant but it should work trying to create, migrate and seed a server)

Sadly I get the same kind of error (InvalidMessage error)

Unsupported rails environment for compass
rake aborted!
ActiveSupport::MessageEncryptor::InvalidMessage: ActiveSupport::MessageEncryptor::InvalidMessage
/home/roy/apps/myappname/config/environment.rb:5:in `<main>'
/home/roy/.rbenv/versions/2.5.1/bin/bundle:23:in `load'
/home/roy/.rbenv/versions/2.5.1/bin/bundle:23:in `<main>'

Caused by:
OpenSSL::Cipher::CipherError: 
/home/roy/apps/myappname/config/environment.rb:5:in `<main>'
/home/roy/.rbenv/versions/2.5.1/bin/bundle:23:in `load'
/home/roy/.rbenv/versions/2.5.1/bin/bundle:23:in `<main>'
Tasks: TOP => db:create => db:load_config => environment
Hotbox answered 30/4, 2018 at 14:31 Comment(4)
Do you use encrypted secrets file?Divaricate
No, but I tried using that. Whenever I run EDITOR="nano --wait" bin/rails credentials:edit to edit the encrypted credentials it gives me the same error as seen in my post.Hotbox
do you have master.key of your app?Divaricate
@Divaricate yes, I do have oneHotbox
H
56

Okay I got it working finally.

I simply deleted my master.key and credentials.yml.enc files and then ran 

bin/rails credentials:edit

Which created new files. After that everything worked fine.

I don't really understand why it works though. Can anyone give a good explanation for this?

Hotbox answered 1/5, 2018 at 13:25 Comment(4)
Thanks, but just deleting the files isn't a decent solution. What if you can't lose the saved encrypted credentials? :)Bitterling
thanks for saving Rails stupid setting. those stuip setup kills railsAgincourt
you saved my day :) I was deleting only credentials.yml.enc and it wasn't working for me until I read that you deleted master.key as well, so for anyone who read this, don't forget to delete both master.key and credentials.yml.encWhitsun
I believe credentials are encrypted using ActiveSupport::MessageEncryptor. Some rails upgrades change the default cipher used by that class. So when you try to use the old one it fails to decrypt the secrets. I was using ActiveSupport::MessageEncryptor directly and I fix this by using the option to rotate ciphers (api.rubyonrails.org/v5.2.3/classes/ActiveSupport/…) I'm not sure why this is not an option for credentials.yml.enc My guess is that this solution works because it encrypts the secrets again with the new cipher.Saleratus
C
9

It appears your solution of removing the master.key and credentials.yml.enc indicates you are running Rails 5.2. This setup changed from a similar encrypted secrets.yml.enc file used in Rails 5.1.

The goal is to allow committing secret keys (AWS, Rails' secrect_key_base) to a project's code repository. These would typically be set with ENV variables. Now collaborators need only share the master.key that was generated to decrypt and modify or read the contents of credentials.yml.enc.

When you removed both the master.key and credentials.yml.enc files, rails generated a new pair, now you were able to decrypt credentials.yml.enc and this file was initialized with a new Rails secret_key_base value needed to avoid the ActiveSupport::MessageEncryptor::InvalidMessage. If you track down the source of that message, it's likely referencing the Rails credentials secret key base: Rails.application.credentials.secret_key_base.

These are nice write ups on the topic:
https://medium.com/cedarcode/rails-5-2-credentials-9b3324851336 https://www.engineyard.com/blog/rails-encrypted-credentials-on-rails-5.2

Camporee answered 15/9, 2018 at 12:26 Comment(0)
L
2

For Rails 6, I had a multi-environment credentials setup.

One for development, staging, and production.

The master.key works for the main credentials.yml file

The other environments have there own key, so for staging we used the production.key in place of the RAILS_MASTER_KEY config envs on heroku and that fixed it for me.

Lastly answered 15/5, 2020 at 3:5 Comment(0)
B
0

I had this similar issue when working with a Rails 5 application in production, royketelaar's answer and gib's answer

Just to add a few things:

After deleting the credentials.yml.enc and master.key files,

And running the command below to generate a new secret_key_base, credentials.yml.enc and master.key files (my editor is VS Code and not Nano):

EDITOR="code --wait" bin/rails credentials:edit

Ensure that uncomment the following configuration in your config/environments/production.rb file:

config.require_master_key = true

For your production environment, since the master.key file containing the master key which is used for decrypting the credentials.yml.enc is not recommended to be committed to version system control, save the master key in a RAILS_MASTER_KEY environment variable using the figaro gem.

That's all.

I hope this helps

Barquisimeto answered 8/2, 2020 at 14:23 Comment(0)
N
0

You need to ask for the master key to you project leader / team leader / coworkers.

With that long key like 63y4gh47373h3733jj474 you copy it and paste it the master.key file under config folder.

That solve the issue.

Nubble answered 9/2, 2020 at 19:54 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.