Reputation: 491
Rails Digital ocean Managed App `extract_credentials_provider': missing credentials
I'm swimming into Digital ocean managed app since a couple of weeks. SO far everything is working flawlessly. Today I successfully implemented Active storage with Spaces in my local environment using the following configuration:
storage.yml
test:
service: Disk
root: <%= Rails.root.join("tmp/storage") %>
local:
service: Disk
root: <%= Rails.root.join("storage") %>
digital_ocean:
service: S3
endpoint: https://ams3.digitaloceanspaces.com
access_key_id: <%= Rails.application.credentials.dig(:digital_ocean, :access_key_id) %>
secret_access_key: <%= Rails.application.credentials.dig(:digital_ocean, :secret_access_key) %>
bucket: my-servername
region: unused
production.rb / development.rb
config.active_storage.service = :digital_ocean
Where digital_ocean config in credentials.yml looks like that (before being encrypted) through EDITOR=VI rails credentials:edit
digital_ocean:
access_key_id: the_key
secret_access_key: the_secret
...
Locally, everything works like a charm, so I'm assuming it's not about the configuration itself but more about the deployment phase in DO managed app.
Digital ocean deployment:
[2022-02-13 23:34:45] /layers/heroku_ruby/gems/vendor/bundle/ruby/3.1.0/gems/aws-sigv4-1.4.0/lib/aws-sigv4/signer.rb:627:in `extract_credentials_provider': missing credentials, provide credentials with one of the following options: (Aws::Sigv4::Errors::MissingCredentialsError)
[2022-02-13 23:34:45] - :access_key_id and :secret_access_key
[2022-02-13 23:34:45] - :credentials
[2022-02-13 23:34:45] - :credentials_provider
As the whole S3/Space thing works perfectly locally through the same :access_key_id / :secret_access_key mechanism and I can interact with the space from localhost, i'm assuming this issue happens during deploy because rails is not able to decrypt credentials.yml.enc file, so I tried 3 things without success:
- add a
RAILS_MASTER_KEYenv var at application level - adding master.key during build stage by adding the build command in DO settings with
echo "${RAILS_MASTER_KEY}" > config/master.key - adding master.key on the run stage by prepending the run command such as
echo "${RAILS_MASTER_KEY}" > config/master.key && rails server -p $PORT -e ${RAILS_ENV:-production}
I have been skimming through the internet for hours now and I cannot understand why it would go wrong even tho I'm following all the steps. Something I noticed is the RAILS_MASTER_KEY Env var does not seem to be available as it doesn't appear when I run echo $RAILS_MASTER_KEY in do console, even tho it appears to be set in App Spec env vars:
envs:
- key: RAILS_MASTER_KEY
Any input infinitely appreciated
Upvotes: 0
Views: 212
Answers (1)
Reputation: 491
Mkay, one have to add to digital ocean app ENV variables the folowing requirements of the aws-sdk-ruby gem (used by heroku during deployment), which are:
AWS_ACCESS_KEY_ID=<your DO space access key id>
AWS_SECRET_ACCESS_KEY= <your DO space secret access key>
Hope it helps someone as it's frankly not obvious...
Upvotes: 1
Related Questions
- Rails - Invalid Authenticity Token After Deploy
- Why are my rails credentials for digital ocean spaces not being found after deploying?
- Why I can not use a ready-made credentials?
- Missing `secret_token` and `secret_key_base` for 'development' environment, set these values in `config/secrets.yml`
- Ruby Bundler Authentication Error
- rails credentials not fetching
- Deploying Rails App on Digital Ocean and when running cap production deploy:initial I get back ---> 01 ArgumentError: Missing `secret_key_base`
- Missing `secret_key_base` for 'production' environment, set this value in config/secrets.yml on Ubuntu Server
- Rails: Completed 401 Unauthorized
- RubyonRails- You must set config.secret_key_base in your app's config