A script to update encrypted secrets to use improved encryption.

upgrade_encrypted_secrets.rb

# Download this to your Rails app directory and run with:
# bin/rails runner upgrade_encrypted_secrets.rb

# Everything below here is private API and not something your app should use.
Rails::Secrets.singleton_class.prepend Module.new {
  def decrypt(data)
    cipher = OpenSSL::Cipher.new("aes-256-cbc").decrypt
    cipher.key = key
    cipher.update(data) << cipher.final
  end
}

puts "Generating a new higher entropy encryption key in config/secrets.yml.key."
puts "Rotate the encryption key now."

decrypted_secrets = Rails::Secrets.read
File.binwrite("config/secrets.yml.key", Rails::Secrets.generate_key)
Rails::Secrets.write(decrypted_secrets)

Hi, I got this:

root@2ce6de1399c1:/app# rails runner upgrade_encrypted_secrets.rb
Running via Spring preloader in process 326
Generating a new higher entropy encryption key in config/secrets.yml.key.
Rotate the encryption key now.
upgrade_encrypted_secrets.rb:9:in `final': wrong final block length (OpenSSL::Cipher::CipherError)
	from upgrade_encrypted_secrets.rb:9:in `decrypt'
	from /bundle/gems/railties-5.1.4/lib/rails/secrets.rb:59:in `read'
	from upgrade_encrypted_secrets.rb:16:in `<top (required)>'
	from /bundle/gems/railties-5.1.4/lib/rails/commands/runner/runner_command.rb:34:in `load'
	from /bundle/gems/railties-5.1.4/lib/rails/commands/runner/runner_command.rb:34:in `perform'
	from /bundle/gems/thor-0.20.0/lib/thor/command.rb:27:in `run'
	from /bundle/gems/thor-0.20.0/lib/thor/invocation.rb:126:in `invoke_command'
	from /bundle/gems/thor-0.20.0/lib/thor.rb:387:in `dispatch'
	from /bundle/gems/railties-5.1.4/lib/rails/command/base.rb:63:in `perform'
	from /bundle/gems/railties-5.1.4/lib/rails/command.rb:44:in `invoke'
	from /bundle/gems/railties-5.1.4/lib/rails/commands.rb:16:in `<top (required)>'
	from /bundle/gems/activesupport-5.1.4/lib/active_support/dependencies.rb:292:in `require'
	from /bundle/gems/activesupport-5.1.4/lib/active_support/dependencies.rb:292:in `block in require'
	from /bundle/gems/activesupport-5.1.4/lib/active_support/dependencies.rb:258:in `load_dependency'
	from /bundle/gems/activesupport-5.1.4/lib/active_support/dependencies.rb:292:in `require'
	from /app/bin

Hi, I am getting this error regarding RAILS_MASTER_KEY. This is the same issue that I am having when I deploy on heroku.

Generating a new higher entropy encryption key in config/secrets.yml.key.
Rotate the encryption key now.
C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/secrets.rb:77:in `handle_missing_key': Missing encryption key to decrypt secrets with. Ask your team for your master key and put it in ENV["RAILS_MASTER_KEY"]
(Rails::Secrets::MissingKeyError)
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/secrets.rb:38:in `key'
        from upgrade_encrypted_secrets.rb:8:in `decrypt'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/secrets.rb:59:in `read'
        from upgrade_encrypted_secrets.rb:16:in `<top (required)>'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/commands/runner/runner_command.rb:34:in `load'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/commands/runner/runner_command.rb:34:in `perform'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/thor-0.20.0/lib/thor/command.rb:27:in `run'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/thor-0.20.0/lib/thor/invocation.rb:126:in `invoke_command'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/thor-0.20.0/lib/thor.rb:387:in `dispatch'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/command/base.rb:63:in `perform'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/command.rb:44:in `invoke'
        from C:/Ruby24-x64/lib/ruby/gems/2.4.0/gems/railties-5.1.6/lib/rails/commands.rb:16:in `<top (required)>'
        from bin/rails:9:in `require'
        from bin/rails:9:in `<main>'