Rails credentials returning nil

Question

I have a Rails 6.0.0rc2 app and I'm having trouble reading my credentials.

When I do rails credentials:edit I can add credentials and they're saving just fine.

aws:
  access_key_id: 123
  secret_access_key: 345

However, when I run a console and try reading the credentials I get the following:

Rails.application.credentials[:aws]
  => nil 

or

Rails.application.credentials.aws[:access_key_id]
Traceback (most recent call last):
    1: from (irb):2
NoMethodError (undefined method `[]' for nil:NilClass)

or

Rails.application.credentials[:aws][:access_key_id]
Traceback (most recent call last):
    1: from (irb):3
NoMethodError (undefined method `[]' for nil:NilClass)

No matter what I try my credentials always seem to be nil.

If I run Rails.application.credentials.secret_key_base I get the correct result, so the file can be read just fine.

Answer 1

I don't really know what was the hack in this but at first, I ran this command

EDITOR='gedit' rails credentials:edit 

which will create the master.key and credentials.yml.enc files. After adding some values in credentials.yml.enc file I was unable to get values via

Rails.application.credentials.dig(:test_var)

so I ran the former command with a bit change

EDITOR='gedit' rails credentials:edit --environment development

The upper command will create development.key and development.yml.env in config/credentials/ folder. And now the Rails.application.credentials.dig(:test_var) is able to get value of test_var key although I have deleted the whole config/credentials/ folder.

I don't really know what was the hack here but this was the whole scenario which solved my problem.

Answer 2

I was facing the same issue. I had updated credentials file using sublime. Even on restarting the server I was unable to make the changes. I closed the terminal and then it started reflecting the changes.

Answer 3

I ran into a similar issue, though I'm not sure if it's the same as yours. If your access_key has reserved characters in it, it will not be parsed properly. Even a character like "!", will cause problems. In the credentials.yml.enc file, wrap your values in quotes. When you access those values, use the dump method to escape the problematic characters. So in your case, Rails.application.credentials[:aws][:access_key_id].dump

Answer 4

I ran into the same issue too. For me I restarting the Rails server fixed the problem.

Chances are the server either doesn't pick up the changes automatically, or that the server needs to be restarted whenever you create a new credentials.yml.enc file.

Answer 5

I just ran into this myself, and the way I was able to access the data was to make a helper method such as:

  def credentials
    Rails.application.credentials[:aws]&.with_indifferent_access
  end

Then using credentials[:access_key_id] I was able to access the inner keys. If I tried doing Rails.application.credentials[:aws] from the controller I was in, it did not work, but if I used the helper method it did. 🤷🏻‍♀️

Maybe this will help someone, or maybe this was just my luck. I banged my head on it for about 4 hours.

Answer 6

I found that Rails.application.credentials.dig(:aws, :access_key_id) does not work, however, if you remove the ':aws, ' and use Rails.application.credentials.dig(:access_key_id), it will pull the value for the item in the secrets file named 'access_key_id:'.

Answer 7

Have you tried using dig?

https://ruby-doc.org/core-2.3.0_preview1/Hash.html#method-i-dig

Something like this might work:

Rails.application.credentials.dig(:aws, :access_key_id)