To store credentials, Rails offers a command line tool to store credentials
$ rails credentials:edit
So, at some later point, you might want to setup or edit a credentials file for development:
$ rails credentials:edit -e development
And then you want to check the credentials file for production
$ rails credentials:edit -e production
and then think wait... it's empty. So next you exit the editor. If you then happen to restart the production webserver you get a wall of text displayed and at the end you see the error message:
Missing
secret_key_base
for 'production' environment, set this string withrails credentials:edit
(ArgumentError)
The next part of the gotcha is if you actually look into your credential file again as the error message stated:
$ rails credentials:edit
There's your secret_key_base that Rails has set up for you. So what the heck is going on? When you run this command, it will edit your master credentials, they are:
config/master.key
config/credentials.yml
Master credentials vs. production credentials
So, when you execute
$ rails credentials:edit -e production
it will create 2 files:
config/credentials/production.key
config/credentials/production.yml.enc
Important Notes:
- It will even write those files if you exit your editor without saving!
- If Rails finds those two files for production in config/credentials/, it will look no further and will not use the master credentials.
My solution
I deleted the 2 files:
$ rm config/credentials/production.key
$ rm config/credentials/production.yml.enc
As alternative you could port over all credentials into the other file; but I had difficulties doing so because I couldn't copy+paste the buffer from vim (using the decryption wrapper) as I couldn't open the other credential files as buffer directly.