Devise Secret Key was not set

Question

I am developing a Rails 4 app using the Active Admin gem for the administration back end. Active Admin in turn uses Devise for user authentication. Now, when I try to deploy the app using capistrano on the VPS server, I get the below error:

rake aborted!
Devise.secret_key was not set. Please add the following to your Devise initializer:
config.secret_key = '-- secret key --'

A Google search does not do much for this error. Any suggestions why it is throwing an error? Should I add the secret key to devise initializer, as I cannot find any place to set such config key in initializers/devise.rb?

Answer 1

In config/initializers/devise.rb I put:

config.secret_key = ENV["SECRET_KEY_BASE"] if Rails.env.production?

Because if you put:

$ heroku config

You'll see a secret_key_base for the mode production.

Answer 2

I do not know right solution but it's working. You can try it. I was cloned my project from my GitLab account and when I run in my local server, I have an error Message:

rake aborted! Devise.secret_key was not set. Please add the following to your Devise initializer: config.secret_key = '-- secret key --'

Open config/initializers/devise.rb and add this line

config.secret_key = '<%= ENV["SECRET_KEY_BASE"] %>'

This code line is solved my problem.

Answer 3

Ran into the same trouble with Rails 5.2.0 and Devise 4.4.1

Drop the following into /config/initializers/devise.rb

config.secret_key = Rails.application.credentials.secret_key_base

Answer 4

What worked for me on Rails 4.1 and Devise 3.2.4 is in config/initializers/devise.rb:

config.secret_key = ENV['DEVISE_SECRET_KEY'] if Rails.env.production?

Answer 5

I ran bundle update this morning and started getting the same error.

I added it as a line in config/initializers/devise.rb and the error was fixed.

This seems to be the commit which introduced it.

Answer 6

Fix:

1. In the production server:

   sudo -H nano /etc/environment
   

2. Then in the file add:

   export SECRET_KEY_BASE="yourkey"
   export DEMO03_DATABASE_PASSWORD="yourpass"
   

   to set this permanently, and system wide (all users, all processes) add set variable

3. In the local project devise.rb file:

   config.secret_key = ENV["SECRET_KEY_BASE"] if Rails.env.production?
   

Technical details:

• Ubuntu 16.04
• Devise (4.2.0)
• rails 5.0.1
• capistrano (3.7.1)

Answer 7

Well, I have been following this post and tried almost everything here. I have added the key to devise.rb. But I was still getting the same error.

Maybe a stupid answer, but all I had to do was to push the devise.rb key to the repository.

Answer 8

Trying to give a somewhat more complete answer to the ones above: As mentioned in the devise_auth_token gem's documentation

...Additionally, you can configure other aspects of devise by manually creating the traditional devise.rb file at config/initializers/devise.rb. Here are some examples of what you can do in this file:

Devise.setup do |config|   
# The e-mail address that mail will appear to be sent from   
# If absent, mail is sent from "please-change-me-at-config-initializers-devise@example.com"  
config.mailer_sender = "support@myapp.com"

# If using rails-api, you may want to tell devise to not use ActionDispatch::Flash   
# middleware b/c rails-api does not include it.   
# See: http://stackoverflow.com/q/19600905/806956  
config.navigational_formats = [:json] end

I had the same problem, and like metioned here, I created the devise initializer, and add the config.secret_key = ENV['DEVISE_SECRET_KEY'] line to it.

Answer 9

I cloned my repository onto a new machine from git. The

config/secrets.yml 

file was on my .gitignore list, so that file didn't exist, and Devise doesn't create the file.

I added the file, then re-ran

rails generate devise MODEL

and it worked.

Answer 10

Check if your config\initializers\secret_token.rb has:

YourAppName::Application.config.secret_token

It should be:

YourAppName::Application.config.secret_key_base

Answer 11

As per changelog:

Devise will use the secret_key_base on Rails 4+ applications as its secret_key. You can change this and use your own secret by changing the devise.rb initializer.

I went to config/secrets.yml and changed the production value.

Before:

production: 
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>

After:

production: 
  secret_key_base: string of charaters

Of course, that should be set to the environment variable, which I will set later, but this at least got it running. I got my string by using bundle exec rake secret.

Answer 12

As of Devise 3.2.3 for Rails 4+ applications the key setting location defaults to YourAppName::Application.config.secret_key_base found in config/initializers/secret_token.rb

Answer 13

I has same issue. The problem was caused by these lines in routes.rb:

devise_for :users, :skip => [:registrations]                                                   
as :user do
  get 'users/edit' => 'devise/registrations#edit', :as => 'edit_user_registration'              
  put 'users' => 'devise/registrations#update', :as => 'user_registration'                      
  get '/users/sign_out' => 'devise/sessions#destroy'                                            
end

I commented them and after that i run:

$ rails generate devise:install

And it has evaluated perfectly. And after that I uncommented routes.

Answer 14

This solved my problem:

Add the code below to your config/initializers/devise.rb file.

config.secret_key = '-- secret key --' 

Replace '-- secret key--' with your own key. I recommend storing it in an ENV variable for security purpose.

Answer 15

Could it be, that you did not run rails g devise:install?

Running rails generate devise User without the previous command does cause this problem.

Answer 16

I solve my initializer problem with this ugly approach:

config.secret_key = 'some1234keyq23' if Rails.env == 'production'

in config/initializers/devise.rb It now works in production as well as in development !