CODEWITHSUNDEEP
ruby-on-railsdigital-oceanubuntu-serverrvm-capistrano
ihtishaam ahmed
ihtishaam ahmed

Reputation: 409

Missing `secret_key_base` for 'production' environment, set this value in config/secrets.yml on Ubuntu Server

So on Ubuntu server I am getting this in my logs:

#<RuntimeError: Missing `secret_key_base` for 'production' 
       environment, set this value in `config/secrets.yml`>
      /home/deploy/apps/project/shared/bundle/ruby/2.4.0/gems/railties-5.1.4/lib/rails/application.rb:510:in `validate_secret_key_config!'
      /home/deploy/apps/project/shared/bundle/ruby/2.4.0/gems/railties-5.1.4/lib/rails/application.rb:247:in `env_config'```

My Browser:

An unhandled lowlevel error occurred. The application logs may have details.

My secrets.yml (in deploy/apps/project/current/config & deploy/apps/project/shared/config):

production:
      secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>

deploy.rb

...
namespace :deploy do
    desc 'Rails Secrets'
    task :secret do
      on roles(:app) do
        execute "export SECRET_KEY_BASE=`bundle exec rake secret`"
      end
    end
    before :finishing,  :secret
    ...
end

I have also tried manually adding the SECRET_KEY_BASE in /etc/profile. It is present when I type this command: printenv (because I manually added it), but when logging out of root it is not present anymore in printenv.

The ENV variable is not present in the printenv command. After I carry out a deployment (cap production deploy:initial).

How do I resolve this error?

Upvotes: 4

Views: 6913

Answers (2)

Bjoern Rennhak
Bjoern Rennhak

Reputation: 6936

How do I resolve this error?

The first thing I notice is 

secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>

I suspect you don't need the ERB template invocation.

secret_key_base: ENV["SECRET_KEY_BASE"]

The ENV variable is not present in the printenv command. After I carry out a deployment

Secondly, I wonder if a new shell is forked in your chain. If so, then the shell set variables will not be available because the new forked shell naturally doesn't have it. So, the only way around is by setting the things in eg. $HOME/.profile or your shells profile.

Thirdly, I would opt to use some kind of helper gem to deal with this. There are some such as eg. Figaro and here is a simple article showing you how to use it.

I have also tried manually adding the SECRET_KEY_BASE in /etc/profile

Adding things to /etc/profile is a bad idea. It is used to set system wide environmental variables on users shells. What you want is probably $HOME/.profile.

when logging out of root

I would strongly advise against running things under root as it defeats the entire GNU/Linux security setup. If you must pretend to run things as root, use a vanilla user account with eg. fakeroot.

execute "export SECRET_KEY_BASE=bundle exec rake secret"

Handling secrets this way is a bit clunky, not very secure nor convenient. Arguably the gold standard currently is Hashicorp's Vault which also has a nice Rails adapter.

This kind of system has specifically been designed with security in mind. Maybe overkill for your current situation, but I thought it worth mentioning.

Good luck and hope this writeup helps!

Upvotes: 2

Luiz E.
Luiz E.

Reputation: 7229

Seems like the user that you are logged in is not the same user that you've used to add the secret key base. You are logged as root but I don't think you are deploying nor starting the server with root, right?

If you are a deploying with a user called deploy so to say, you should log in as deploy and add the env var to deploy's context (e.g. ~/.bashrc). I'm not 100% sure that /etc/profile will work here. Also, remember to restart the rails server after add the var

Upvotes: 2

Related Questions