If your `master.key` has been compromised, you might want to regenerate it.
There is no key regeneration feature at the moment, so we have to do it manually.
- Copy the content of the original credentials (`rails credentials:show`) somewhere temporarily.
- Remove `config/master.key` and `config/credentials.yml.enc`.
- Run `EDITOR=vim rails credentials:edit` in the terminal. This command will create a new `master.key` and `credentials.yml.enc` if they do not exist.
- Paste the original credentials you copied (step 1) into the new credentials file (then save and quit vim).
- Add and commit the file `config/credentials.yml.enc`.
Important
- Make sure `config/master.key` is listed in `.gitignore` and NOT tracked by git.
- The command `EDITOR=vim rails credentials:edit` might not work if you require a credential value in some file (initializers or `database.yml`). I had the problem with `devise.rb`. I just uncommented the line `secret_key = ...` just the time to run the command to regenerate the credentials file, and then commented the line out again.
- If you want to use Atom to edit the credentials, you can replace the command `EDITOR=vim rails credentials:edit` with:
$ EDITOR="atom --wait" rails credentials:edit
- To set the ENV variable within Heroku, run:
$ heroku config:set RAILS_MASTER_KEY=`cat config/master.key`
- To set the ENV variable within TravisCI, run:
$ travis encrypt RAILS_MASTER_KEY=`cat config/master.key` --add env
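
The first point under "Important" (keep `config/master.key` ignored and untracked) can be checked mechanically. The shell function below is an added example, not part of the original notes; the name `check_master_key` is hypothetical, and the history check goes beyond what the note states.

```shell
#!/bin/sh
# Added example (not from the original notes): verify that config/master.key
# is kept out of git. check_master_key is a hypothetical helper name.
# Usage: check_master_key /path/to/rails/app
# Returns 0 only if every check passes.
check_master_key() {
    repo="${1:-.}"
    key="config/master.key"
    status=0

    # 1. The key must not be in the index (i.e. not tracked).
    if git -C "$repo" ls-files --error-unmatch -- "$key" >/dev/null 2>&1; then
        echo "FAIL: $key is tracked by git (untrack with: git rm --cached $key)"
        status=1
    fi

    # 2. An ignore rule must match the key. --no-index evaluates the rules
    #    even when the file is already tracked.
    if ! git -C "$repo" check-ignore -q --no-index -- "$key"; then
        echo "FAIL: $key is not matched by any .gitignore rule"
        status=1
    fi

    # 3. The key must never have been committed on any ref.
    if [ -n "$(git -C "$repo" log --all --format=%h -- "$key" 2>/dev/null)" ]; then
        echo "FAIL: $key appears in git history; treat the key as compromised"
        status=1
    fi

    if [ "$status" -eq 0 ]; then
        echo "OK: $key is ignored, untracked and absent from history"
    fi
    return "$status"
}
```

If the history check fails, regenerating the key is not enough on its own: the old key in history still decrypts every older `credentials.yml.enc`, so the secrets stored in it need rotating as well.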
source: https://blog.eq8.eu/til/rails-52-credentials-tricks.html
source: https://medium.com/craft-academy/encrypted-credentials-in-ruby-on-rails-9db1f36d8570