Rails Encrypted Secrets 5.2 - Cheat Sheet
A cheat sheet for myself to refer to it, when required. It may benefit you as well. HTH.
To Use it:
-
Add the following to enable in your production environment:
config/environments/production.rb
:config.require_master_key = true
-
To edit the secrets run:
EDITOR="subl --wait" bin/rails credentials:edit
and save your file. subl
stands for sublime (which is the text editor that I use). You can substitute your favourite editor in its stead.
- Save the file much like a yaml file:
foo: bar
google:
service: GCS
credentials:
type: "service_account"
project_id: 123
private_key_id: 123
private_key: "-----BEGIN PRIVATE KEY-----\n-hahahahha-\n-hahaha-\n-----END PRIVATE KEY-----\n"
client_email: abc@abc.com
client_id: 123
auth_uri: 123
token_uri: 123
auth_provider_x509_cert_url: 123
client_x509_cert_url: 123
project: abc
bucket: panel-status
Access it like this:
Rails.application.credentials.google[:credentials][:type]
Rails.application.credentials.google[:service]
# Notice the .join("\\n" on the end. Also notice that the private key is a double quoted string.
Rails.application.credentials.google[:credentials][:private_key].join("\\n")
Key Features (Pun intended)
-
Secrets stored here:
config/credentials.yml.enc
-
Secret key is stored here:
config/master.key
-
Please do not add your secret key to your git repository. It should be listed in your .gitignore file.
Written on September 5, 2018