Using config/secrets.yml in Rails 4.0.2 version

Question

I was reading http://edgeguides.rubyonrails.org/upgrading_ruby_on_rails.html and saw there the trick with config/secrets.yml

I moved my secret_base_keys to that file, and removed secret_token.rb file.

But server doesn't start.

DEPRECATION WARNING: You didn't set config.secret_key_base. Read the upgrade documentation to learn more about this new config option. (called from service at /home/bismailov/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/webrick/httpserver.rb:138)
[2014-01-15 16:15:51] ERROR RuntimeError: You must set config.secret_key_base in your app's config.

I believe that is because I don't use Rails 4.1 yet.

Is there any way to implement this new functionality (secrets.yml) in Rails version 4.0? Maybe some kind of gem...

Thank you very much!

Answer 1

This secret_key_base deprecation does not seem to have alternative syntax to remove the deprecation warning in a Rails 4.0 application. To satisfy the deprecation, follow the steps for moving the production key to secrets.yml and delete the secret_token.rb file. The implement a YAML loader in your application.rb to extract the token from your secrets.yml file.

Use rake secret to generate a new token for each of your environments. Copy and paste the output to each section of your secrets.yml file.

# config/secrets.yml
development:
  secret_key_base: __pasted from rake secret___
test:
  secret_key_base: __pasted from rake secret___
production:
  secret_key_base: __pasted token from config/initializers/secret_token.rb___


# config/application.rb
# TODO Remove this in Rails 4.1
config.secret_key_base = YAML.load(File.open("#{Rails.root}/config/secrets.yml"))[Rails.env]['secret_key_base']

Cite: https://github.com/rails/rails/pull/13298

UPDATE:

My original post focused on Inspired by @user2998870, I added a method to my application.rb that is allows one to implement multiple secrets, not just secret_key_base. This makes top-level keys accessible as methods e.g. Rails.application.secrets.braintree_merchant_id.

If nested, one can call the nested key value using Rails.application.secrets.braintree['merchant_key'].

Note: The original code above is still needed for secret_key_base to operate correctly in Rails 4.0.

# config/application.rb
def secrets
  @secrets ||= begin
    yaml = YAML.load(File.open("#{Rails.root}/config/secrets.yml"))[Rails.env]
    ActiveSupport::OrderedOptions.new.merge!(yaml.symbolize_keys)
  end
end

Answer 2

I did like @scarver2 mentioned, but I did it by borrowing some code from Rails 4.1 (I'm currently using on 4.0.3)

# Load 3rd party service passwords from config/services.rb.
# This is patch code to support config/services.rb till we upgrade to Rails 4.1.
# TODO: Remove this section after upgrading to Rails 4.1.

# Borrowed from rails/railties/lib/rails/application/configuration.rb
config.paths.add "config/secrets", with: "config/secrets.yml"

# Borrowed from rails/railties/lib/rails/application.rb
def secrets #:nodoc:
  @secrets ||= begin
    secrets = ActiveSupport::OrderedOptions.new
    yaml = config.paths["config/secrets"].first
    if File.exist?(yaml)
      require "erb"
      all_secrets = YAML.load(ERB.new(IO.read(yaml)).result) || {}
      env_secrets = all_secrets[Rails.env]
      secrets.merge!(env_secrets.symbolize_keys) if env_secrets
    end

    # Fallback to config.secret_key_base if secrets.secret_key_base isn't set
    secrets.secret_key_base ||= config.secret_key_base

    secrets
  end
end

Answer 3

config/secrets.yml is a feature of Rails 4.1. Upgrade to Rails 4.1 to use the feature.