theKid

Reputation: 621

Using credentials.yml with Rails and Heroku

I have an app on Rails 5.2 and it was previously hosted on DigitalOcean, but I need to host it on Heroku. I've been reading that Heroku can't read Credentials.yml because it's on gitignore and of course I don't want it public.

So my key variables are like this (an example with redis):

host: Rails.application.credentials.redis_host,
password: Rails.application.credentials.redis_password

Heroku can't read this. So my question is what is the best approach to change that into Heroku ENV variables? Do I need to edit all my current keys (there are about 340) to ENV['SOMEKEY']?

I'll appreciate your help!

Upvotes: 16

Views: 7458

Answers (2)

mechnicov

Reputation: 15258

Rails 6 introduced built-in support for multiple environment credentials

It can be very convenient to keep different secrets for different environments

To create credentials for production environment, we can run the following command

EDITOR=vim rails credentials:edit --environment production

The above command does the following:

  • creates config/credentials/production.key if missing (don't commit this file, add to .gitignore if such record is absent)

  • creates config/credentials/production.yml.enc if missing (commit this file)

  • decrypts and opens the production credentials file in vim (you can specify other editor)

And finally we can use these secrets on Heroku

heroku config:set RAILS_MASTER_KEY=`cat config/credentials/production.key`

Upvotes: 4

Yshmarov

Reputation: 3729

Create credentials.yml and master key:

rails credentials:edit 

Edit credentials:

EDITOR=vim rails credentials:edit

WORKING WITH VIM:

  • For inserting, press i //Do required editing
  • For exiting, press Esc
  • :wq //for exiting and saving
  • :q! //for exiting without saving

EXAMPLE OF HOW CREDENTIALS.YML can look:

development:
   github:
      client: acascascsacascascasc
      secret: vdsvsvg34g34g
production:
   github:
      client: 34g3rvv
      secret: erberb43

FIND A CREDENTIAL:

rails c
Rails.application.credentials.dig(:aws, :access_key_id)

or if an env variable is used

Rails.application.credentials[Rails.env.to_sym][:aws][:access_key_id]

The credentials.yml file should NOT be in gitignore.

The master key that decrypts the credentials SHOULD be in gitignore.

To set your master key in production:

heroku config:set RAILS_MASTER_KEY=123456789

or

heroku config:set RAILS_MASTER_KEY=`cat config/master.key`

That's all you need to know about credentials in Ruby on Rails. Good luck :)

Update: I've created a screencast covering the topic :)

Upvotes: 46
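
An added example, not part of either answer or of Rails itself: a pre-push check in Ruby for the layout both answers describe, where the `.key` file is ignored by git and the `.yml.enc` file is committed. The `.gitignore` matching is a simplification, the 32-character hex key format is an assumption about what `rails credentials:edit` writes, and the sample tree and key are constructed.

```ruby
require "tmpdir"
require "fileutils"

# Assumption: a key written by `rails credentials:edit` is 32 hex characters.
KEY_FORMAT = /\A\h{32}\z/

# Simplified .gitignore matching (no negation, no directory-only patterns);
# `git check-ignore -v <path>` is the authoritative check.
def ignored?(root, rel_path)
  file = File.join(root, ".gitignore")
  return false unless File.exist?(file)
  File.readlines(file, chomp: true).any? do |line|
    pattern = line.strip
    next false if pattern.empty? || pattern.start_with?("#", "!")
    if pattern.include?("/")
      File.fnmatch?(pattern.delete_prefix("/"), rel_path, File::FNM_PATHNAME)
    else
      File.fnmatch?(pattern, File.basename(rel_path))
    end
  end
end

# Returns a list of problems; an empty list means the layout is safe to push.
def audit_credentials(root)
  keys = Dir.glob("config/{master.key,credentials/*.key}", base: root).sort
  problems = keys.empty? ? ["no key file found"] : []
  keys.each do |key|
    enc = key == "config/master.key" ? "config/credentials.yml.enc" : key.sub(/\.key\z/, ".yml.enc")
    problems << "#{key} is not covered by .gitignore" unless ignored?(root, key)
    problems << "#{key} is not a 32-character hex key" unless File.read(File.join(root, key)).strip.match?(KEY_FORMAT)
    problems << "#{enc} is missing (nothing to commit)" unless File.exist?(File.join(root, enc))
    problems << "#{enc} is ignored, so Heroku never receives it" if ignored?(root, enc)
  end
  problems
end

# Constructed sample tree: throwaway key and a placeholder encrypted file.
def sample_app(gitignore)
  root = Dir.mktmpdir("creds-audit")
  FileUtils.mkdir_p(File.join(root, "config/credentials"))
  File.write(File.join(root, "config/credentials/production.key"), "0123456789abcdef0123456789abcdef\n")
  File.write(File.join(root, "config/credentials/production.yml.enc"), "constructed placeholder")
  File.write(File.join(root, ".gitignore"), gitignore)
  root
end

puts audit_credentials(sample_app("/config/credentials/*.key\n")).inspect
puts audit_credentials(sample_app("/config/credentials/*\n")).inspect
```

The second sample reproduces the situation in the question, where the encrypted file itself is ignored and so never reaches Heroku.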
