Login/Register
Create fresh Rails 5 credentials on clone
Asked Answered
ruby-on-railsruby-on-rails-5
D

3

14

Problem I am creating a rails 5.2 template. I've created a new project which is a fork of the template. I don't want to use the same config/master.key since this would be shared across X other projects. Is there a way to generate a new key & config/credentials.yml.enc pair? That way I could include a config/credentials.yml.enc.sample and they run rails credentials:new or something then copy the contents over?

Can't find anything in the documentation or google/so searches about this and my alternative is to use the same key across all my public projects :,(

Derm answered 21/1, 2018 at 22:23 Comment(0)
Z
8

as described here: https://blog.eq8.eu/til/rails-52-credentials-tricks.html

Regenerate key

Currently there is no “edit password” feature, you need copy original content of the credentials, remove the enc files and regenerate fresh credentials file (source)

  • step 1 copy content of original credentials rails credentials:show
  • step 2 move your config/credentials.yml.enc and config/master.key away (mv config/credentials.yml.enc ./tmp/ && mv config/master.key ./tmp/)
  • step 3 run EDITOR=vim rails credentials:edit
  • step 4 paste copied values from original credentials
  • step 5 save and commit config/credentials.yml.enc

note! EDITOR=vim rails credentials:edit may not work if you require credential value in some file (e.g. in config/database.yml)

Zoba answered 26/7, 2018 at 12:3 Comment(1)
If it's still not working after trying the steps above, try removing lines like /config/master.key or/config/credentials/production.key that are related to credentials in .gitignore file. Also, you might need to run rails credential:edit in a new terminal tab. (This is in addition to commenting out all the lines that include Rails.application.credentials... in your code.)Mixon
D
3

https://github.com/rails/rails/blob/master/railties/lib/rails/commands/credentials/USAGE

For applications created prior to Rails 5.2, we'll automatically generate a new credentials file in config/credentials.yml.enc the first time you run bin/rails credentials:edit. If you didn't have a master key saved in config/master.key, that'll be created too.

So I can create a plain text version of the encrypted file to show which keys are required:

foo_api_key: 123

They run bin/rails credentials:edit which generates the key and encrypted file then they copy the keys over to add them to the encrypted file.

Derm answered 22/1, 2018 at 0:55 Comment(0)
M
1

Using @Myk Klemme's answer at https://mcmap.net/q/820618/-create-fresh-rails-5-credentials-on-clone I was able to successfully re-generate credential files config/credentials.yml.enc, config/master.key.

For that I first removed the existing config/credentials.yml.enc file I got from cloned template-repo and then ran following command

rails_new_app$ EDITOR="mate --wait" bin/rails credentials:edit

which generated following output:

Adding config/master.key to store the encryption key: <encryption_key>

Save this in a password manager your team can access.

If you lose the key, no one, including you, can access anything encrypted with it.

      create  config/master.key


File encrypted and saved.
Mechling answered 25/4, 2020 at 13:14 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.