A script to update encrypted secrets to use improved encryption.

upgrade_encrypted_secrets.rb

# Download this to your Rails app directory and run with:
# bin/rails runner upgrade_encrypted_secrets.rb

# Everything below here is private API and not something your app should use.
Rails::Secrets.singleton_class.prepend Module.new {
  def decrypt(data)
    cipher = OpenSSL::Cipher.new("aes-256-cbc").decrypt
    cipher.key = key
    cipher.update(data) << cipher.final
  end
}

puts "Generating a new higher entropy encryption key in config/secrets.yml.key."
puts "Rotate the encryption key now."

decrypted_secrets = Rails::Secrets.read
File.binwrite("config/secrets.yml.key", Rails::Secrets.generate_key)
Rails::Secrets.write(decrypted_secrets)

I get this error:

> rails r upgrade_encrypted_secrets.rb 
Running via Spring preloader in process 30201
Generating a new higher entropy encryption key in config/secrets.yml.key.
Rotate the encryption key now.
/home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/railties-5.1.0.rc1/lib/rails/secrets.rb:51:in `binread': No such file or directory @ rb_sysopen - /home/user/app/config/secrets.yml.enc (Errno::ENOENT)
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/railties-5.1.0.rc1/lib/rails/secrets.rb:51:in `read'
  from upgrade_encrypted_secrets.rb:16:in `<top (required)>'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/railties-5.1.0.rc1/lib/rails/commands/runner/runner_command.rb:33:in `load'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/railties-5.1.0.rc1/lib/rails/commands/runner/runner_command.rb:33:in `perform'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/thor-0.19.4/lib/thor/command.rb:27:in `run'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/thor-0.19.4/lib/thor/invocation.rb:126:in `invoke_command'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/thor-0.19.4/lib/thor.rb:369:in `dispatch'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/railties-5.1.0.rc1/lib/rails/command/base.rb:63:in `perform'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/railties-5.1.0.rc1/lib/rails/command.rb:44:in `invoke'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/railties-5.1.0.rc1/lib/rails/commands.rb:16:in `<top (required)>'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/activesupport-5.1.0.rc1/lib/active_support/dependencies.rb:292:in `require'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/activesupport-5.1.0.rc1/lib/active_support/dependencies.rb:292:in `block in require'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/activesupport-5.1.0.rc1/lib/active_support/dependencies.rb:258:in `load_dependency'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/activesupport-5.1.0.rc1/lib/active_support/dependencies.rb:292:in `require'
  from /home/user/app/bin/rails:9:in `<top (required)>'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/activesupport-5.1.0.rc1/lib/active_support/dependencies.rb:286:in `load'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/activesupport-5.1.0.rc1/lib/active_support/dependencies.rb:286:in `block in load'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/activesupport-5.1.0.rc1/lib/active_support/dependencies.rb:258:in `load_dependency'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/activesupport-5.1.0.rc1/lib/active_support/dependencies.rb:286:in `load'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/site_ruby/2.4.0/rubygems/core_ext/kernel_require.rb:55:in `require'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/site_ruby/2.4.0/rubygems/core_ext/kernel_require.rb:55:in `require'
  from -e:1:in `<main>'

I get this error:

> rails r upgrade_encrypted_secrets.rb 
Running via Spring preloader in process 30201
Generating a new higher entropy encryption key in config/secrets.yml.key.
Rotate the encryption key now.
/home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/railties-5.1.0.rc1/lib/rails/secrets.rb:51:in `binread': No such file or directory @ rb_sysopen - /home/user/app/config/secrets.yml.enc (Errno::ENOENT)
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/railties-5.1.0.rc1/lib/rails/secrets.rb:51:in `read'
  from upgrade_encrypted_secrets.rb:16:in `<top (required)>'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/railties-5.1.0.rc1/lib/rails/commands/runner/runner_command.rb:33:in `load'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/railties-5.1.0.rc1/lib/rails/commands/runner/runner_command.rb:33:in `perform'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/thor-0.19.4/lib/thor/command.rb:27:in `run'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/thor-0.19.4/lib/thor/invocation.rb:126:in `invoke_command'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/thor-0.19.4/lib/thor.rb:369:in `dispatch'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/railties-5.1.0.rc1/lib/rails/command/base.rb:63:in `perform'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/railties-5.1.0.rc1/lib/rails/command.rb:44:in `invoke'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/railties-5.1.0.rc1/lib/rails/commands.rb:16:in `<top (required)>'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/activesupport-5.1.0.rc1/lib/active_support/dependencies.rb:292:in `require'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/activesupport-5.1.0.rc1/lib/active_support/dependencies.rb:292:in `block in require'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/activesupport-5.1.0.rc1/lib/active_support/dependencies.rb:258:in `load_dependency'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/activesupport-5.1.0.rc1/lib/active_support/dependencies.rb:292:in `require'
  from /home/user/app/bin/rails:9:in `<top (required)>'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/activesupport-5.1.0.rc1/lib/active_support/dependencies.rb:286:in `load'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/activesupport-5.1.0.rc1/lib/active_support/dependencies.rb:286:in `block in load'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/activesupport-5.1.0.rc1/lib/active_support/dependencies.rb:258:in `load_dependency'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/gems/2.4.0/gems/activesupport-5.1.0.rc1/lib/active_support/dependencies.rb:286:in `load'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/site_ruby/2.4.0/rubygems/core_ext/kernel_require.rb:55:in `require'
  from /home/user/.asdf/installs/ruby/2.4.0/lib/ruby/site_ruby/2.4.0/rubygems/core_ext/kernel_require.rb:55:in `require'
  from -e:1:in `<main>'

Hi All,
Very good morning,
I am Karan Roy, I am very much new to this filed but i have more curiosity to learn to ruby and rails please help me, How to get into at beginning. I want to make my career into this field.

Thank you,
Regards
Karan Roy

Hi All,
Very good morning,
I am Karan Roy, I am very much new to this filed but i have more curiosity to learn to ruby and rails please help me, How to get into at beginning. I want to make my career into this field.

Thank you,
Regards
Karan Roy

@freshcandidate Hi there!

This file is aimed for advanced users for Rails. If you want to have a shot at Ruby with Rails. I suggest you take this following courses here and here. Good luck!

@freshcandidate Hi there!

This file is aimed for advanced users for Rails. If you want to have a shot at Ruby with Rails. I suggest you take this following courses here and here. Good luck!

@mdesantis the script assumes that you've setup encrypted secrets, otherwise there's nothing to upgrade and you don't need to run the script :)

@mdesantis the script assumes that you've setup encrypted secrets, otherwise there's nothing to upgrade and you don't need to run the script :)

Hi, I got this:

root@2ce6de1399c1:/app# rails runner upgrade_encrypted_secrets.rb
Running via Spring preloader in process 326
Generating a new higher entropy encryption key in config/secrets.yml.key.
Rotate the encryption key now.
upgrade_encrypted_secrets.rb:9:in `final': wrong final block length (OpenSSL::Cipher::CipherError)
	from upgrade_encrypted_secrets.rb:9:in `decrypt'
	from /bundle/gems/railties-5.1.4/lib/rails/secrets.rb:59:in `read'
	from upgrade_encrypted_secrets.rb:16:in `<top (required)>'
	from /bundle/gems/railties-5.1.4/lib/rails/commands/runner/runner_command.rb:34:in `load'
	from /bundle/gems/railties-5.1.4/lib/rails/commands/runner/runner_command.rb:34:in `perform'
	from /bundle/gems/thor-0.20.0/lib/thor/command.rb:27:in `run'
	from /bundle/gems/thor-0.20.0/lib/thor/invocation.rb:126:in `invoke_command'
	from /bundle/gems/thor-0.20.0/lib/thor.rb:387:in `dispatch'
	from /bundle/gems/railties-5.1.4/lib/rails/command/base.rb:63:in `perform'
	from /bundle/gems/railties-5.1.4/lib/rails/command.rb:44:in `invoke'
	from /bundle/gems/railties-5.1.4/lib/rails/commands.rb:16:in `<top (required)>'
	from /bundle/gems/activesupport-5.1.4/lib/active_support/dependencies.rb:292:in `require'
	from /bundle/gems/activesupport-5.1.4/lib/active_support/dependencies.rb:292:in `block in require'
	from /bundle/gems/activesupport-5.1.4/lib/active_support/dependencies.rb:258:in `load_dependency'
	from /bundle/gems/activesupport-5.1.4/lib/active_support/dependencies.rb:292:in `require'
	from /app/bin

Hi, I got this:

root@2ce6de1399c1:/app# rails runner upgrade_encrypted_secrets.rb
Running via Spring preloader in process 326
Generating a new higher entropy encryption key in config/secrets.yml.key.
Rotate the encryption key now.
upgrade_encrypted_secrets.rb:9:in `final': wrong final block length (OpenSSL::Cipher::CipherError)
	from upgrade_encrypted_secrets.rb:9:in `decrypt'
	from /bundle/gems/railties-5.1.4/lib/rails/secrets.rb:59:in `read'
	from upgrade_encrypted_secrets.rb:16:in `<top (required)>'
	from /bundle/gems/railties-5.1.4/lib/rails/commands/runner/runner_command.rb:34:in `load'
	from /bundle/gems/railties-5.1.4/lib/rails/commands/runner/runner_command.rb:34:in `perform'
	from /bundle/gems/thor-0.20.0/lib/thor/command.rb:27:in `run'
	from /bundle/gems/thor-0.20.0/lib/thor/invocation.rb:126:in `invoke_command'
	from /bundle/gems/thor-0.20.0/lib/thor.rb:387:in `dispatch'
	from /bundle/gems/railties-5.1.4/lib/rails/command/base.rb:63:in `perform'
	from /bundle/gems/railties-5.1.4/lib/rails/command.rb:44:in `invoke'
	from /bundle/gems/railties-5.1.4/lib/rails/commands.rb:16:in `<top (required)>'
	from /bundle/gems/activesupport-5.1.4/lib/active_support/dependencies.rb:292:in `require'
	from /bundle/gems/activesupport-5.1.4/lib/active_support/dependencies.rb:292:in `block in require'
	from /bundle/gems/activesupport-5.1.4/lib/active_support/dependencies.rb:258:in `load_dependency'
	from /bundle/gems/activesupport-5.1.4/lib/active_support/dependencies.rb:292:in `require'
	from /app/bin

Hi, I am getting this error regarding RAILS_MASTER_KEY. This is the same issue that I am having when I deploy on heroku.

Generating a new higher entropy encryption key in config/secrets.yml.key.
Rotate the encryption key now.
C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/secrets.rb:77:in `handle_missing_key': Missing encryption key to decrypt secrets with. Ask your team for your master key and put it in ENV["RAILS_MASTER_KEY"]
(Rails::Secrets::MissingKeyError)
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/secrets.rb:38:in `key'
        from upgrade_encrypted_secrets.rb:8:in `decrypt'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/secrets.rb:59:in `read'
        from upgrade_encrypted_secrets.rb:16:in `<top (required)>'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/commands/runner/runner_command.rb:34:in `load'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/commands/runner/runner_command.rb:34:in `perform'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/thor-0.20.0/lib/thor/command.rb:27:in `run'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/thor-0.20.0/lib/thor/invocation.rb:126:in `invoke_command'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/thor-0.20.0/lib/thor.rb:387:in `dispatch'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/command/base.rb:63:in `perform'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/command.rb:44:in `invoke'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/commands.rb:16:in `<top (required)>'
        from bin/rails:9:in `require'
        from bin/rails:9:in `<main>'

Hi, I am getting this error regarding RAILS_MASTER_KEY. This is the same issue that I am having when I deploy on heroku.

Generating a new higher entropy encryption key in config/secrets.yml.key.
Rotate the encryption key now.
C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/secrets.rb:77:in `handle_missing_key': Missing encryption key to decrypt secrets with. Ask your team for your master key and put it in ENV["RAILS_MASTER_KEY"]
(Rails::Secrets::MissingKeyError)
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/secrets.rb:38:in `key'
        from upgrade_encrypted_secrets.rb:8:in `decrypt'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/secrets.rb:59:in `read'
        from upgrade_encrypted_secrets.rb:16:in `<top (required)>'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/commands/runner/runner_command.rb:34:in `load'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/commands/runner/runner_command.rb:34:in `perform'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/thor-0.20.0/lib/thor/command.rb:27:in `run'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/thor-0.20.0/lib/thor/invocation.rb:126:in `invoke_command'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/thor-0.20.0/lib/thor.rb:387:in `dispatch'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/command/base.rb:63:in `perform'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/command.rb:44:in `invoke'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/commands.rb:16:in `<top (required)>'
        from bin/rails:9:in `require'
        from bin/rails:9:in `<main>'