skip to Main Content

I have an app on Rails 5.2 and it was previously hosted on DigitalOcean, but I need to host it on heroku. I’ve been reading that heroku can’t read Credentials.yml of because it’s on gitignore and of course I don’t want it public.

So my key variables are like this (and example with redis):

host: Rails.application.credentials.redis_host,
  password: Rails.application.credentials.redis_password

Heroku can’t read this. So my question is what is the best approach to change that in to heroku ENV variables? Do I need to edit all my current keys (there about 340) to ENV[‘SOMEKEY’]?

I’ll appreciate you help!

2

Answers


  1. Create credentials.yml and master key:

    rails credentials:edit 
    

    Edit credentails:

    EDITOR=vim rails credentials:edit
    

    WORKING WITH VIM:

    • For inserting
    • Press i //Do required editing
    • For exiting Press Esc
    • :wq //for exiting and saving
    • :q! //for exiting without saving

    EXAMPLE OF HOW CREDENTIALS.YML can look:

    development:
       github:
          client: acascascsacascascasc
          secret: vdsvsvg34g34g
    production:
       github:
          client: 34g3rvv
          secret: erberb43
    

    FIND A CREDENTIAL:

    rails c
    Rails.application.credentials.dig(:aws, :access_key_id)
    

    or if an env variable is used

    Rails.application.credentials[Rails.env.to_sym][:aws][:access_key_id]
    

    The credentials.yml file should NOT be in gitignore.

    The master key that decrypts the credentials SHOULD be in gitignore.

    To set your master key in production:

    heroku config:set RAILS_MASTER_KEY=123456789
    

    or

    heroku config:set RAILS_MASTER_KEY=`cat config/master.key`
    

    That’s all you need to know about credentials in Ruby on Rails. Good luck 🙂

    Update: I’ve created a screencast covering the topic 🙂

    Login or Signup to reply.
  2. Rails 6 introduced built-in support for multiple environment credentials

    It can be very convenient to keep different secrets for different environments

    To create credentials for production environment, we can run the following command

    EDITOR=vim rails credentials:edit --environment production
    

    The above command does the following:

    • creates config/credentials/production.key if missing (don’t commit this file, add to .gitignore if such record is absent)

    • creates config/credentials/production.yml.enc if missing (cmmit this file)

    • decrypts and opens the production credentials file in vim (you can specify other editor)

    And finally we can use these secrets on Heroku

    heroku config:set RAILS_MASTER_KEY=`cat config/credentials/production.key`
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search