Rails Encrypted Secrets 5.2 - Cheat Sheet

A cheat sheet for myself to refer to it, when required. It may benefit you as well. HTH.

To Use it:

  • Add the following to enable in your production environment: config/environments/production.rb: config.require_master_key = true

  • To edit the secrets run:

EDITOR="subl --wait" bin/rails credentials:edit

and save your file. subl stands for sublime (which is the text editor that I use). You can substitute your favourite editor in its stead.

  • Save the file much like a yaml file:
foo: bar

google:
  service: GCS
  credentials:
    type: "service_account"
    project_id: 123
    private_key_id: 123
    private_key: "-----BEGIN PRIVATE KEY-----\n-hahahahha-\n-hahaha-\n-----END PRIVATE KEY-----\n"
    client_email: abc@abc.com
    client_id: 123
    auth_uri: 123
    token_uri: 123
    auth_provider_x509_cert_url: 123
    client_x509_cert_url: 123
  project: abc
  bucket: panel-status

Access it like this:

Rails.application.credentials.google[:credentials][:type]
Rails.application.credentials.google[:service]

# Notice the .join("\\n" on the end. Also notice that the private key is a double quoted string.

Rails.application.credentials.google[:credentials][:private_key].join("\\n")

Key Features (Pun intended)

  • Secrets stored here: config/credentials.yml.enc

  • Secret key is stored here: config/master.key

  • Please do not add your secret key to your git repository. It should be listed in your .gitignore file.

Written on September 5, 2018