I love how rails handles credentials out of the box.
I'm a big fan of blackbox for non-rails projects. Storing encrypted credentials in your repo is awesome. It is a novel and underrated approach.
Rails has a similar, charmingly simpler implementation of blackbox.
In a rails 6.0+ project, you have. . .
config/credentials.yml.enc: the encrypted creds file
config/master.key: key file used to encrypt the creds file (should be .gitignored)
To update your credentials, you run
bin/rails credentials:edit. This automatically decrypts the credentials, allows you to edit them, and re-encrypts them upon exit of your text editor.
One caveat is that cloud environments won't have the
master.key, since it is .gitignored. To pull it in to your cloud env, you can do one of the following:
- set an env var (
RAILS_MASTER_KEY), to the contents of
- copy your local
/config/master.keyin your cloud env.