rails credentials
1 min read

rails credentials

I love how rails handles credentials out of the box.

I'm a big fan of blackbox for non-rails projects. Storing encrypted credentials in your repo is awesome. It is a novel and underrated approach.

Rails has a similar, charmingly simpler implementation of blackbox.

In a rails 6.0+ project, you have. . .

  • config/credentials.yml.enc :  the encrypted creds file
  • config/master.key:  key file used to encrypt the creds file (should be .gitignored)

To update your credentials, you run bin/rails credentials:edit. This automatically decrypts the credentials, allows you to edit them, and  re-encrypts them upon exit of your text editor.

One caveat is that cloud environments won't have the master.key, since it is .gitignored. To pull it in to your cloud env, you can do one of the following:

  • set an env var (RAILS_MASTER_KEY),  to the contents of master.key
  • copy your local master.key to /config/master.key in your cloud env.