DEV Community

loading...
Cover image for The power of Rails master.key

The power of Rails master.key

Raynaldo Sutisna
Full Stack Developer
・2 min read

Introduction

Have you ever thought about where is the best place to put your JWT secret key, API Key, or any secret data in your project?

The answer to this question is inside the .config/credentials.yml.enc file.

alt text

Yes, this file is encrypted, so that's why we can push .config/credentials.yml.enc file to the git repository.

Editing credentials.yml.enc

Run this code in the terminal

#VS Code
EDITOR="code --wait" rails credentials:edit

#Atom
EDITOR="atom --wait" rails credentials:edit
Enter fullscreen mode Exit fullscreen mode

Your IDE will open a new document that looks like this
alt text

According to rubyonrails.org,

By default, the credentials file contains the application's secret_key_base. It can also be used to store other secrets such as access keys for external APIs.

We can put our other secrets, such as the JWT secret key and API key in here.

jwt:
   secret_key: hello

api: api-key

# Used as the base secret for all MessageVerifiers in Rails, including the one protecting cookies.
secret_key_base: ca8bae95decfb752601c30aff9bbe5e7f22587341f8b132765f2fb92ddab9d52d0ebf07b9ef840acce5aeeed9ed513c8329bb8cafdd1de06494a0d69c5466ee7
Enter fullscreen mode Exit fullscreen mode

Don't forget to close the file and it will automatically save. The terminal will show this message.

alt text

Using the credentials

We can call it in .rb file using this code

Rails.application.credentials.jwt[:secret_key] # hello
Rails.application.credentials.api # api-key
Enter fullscreen mode Exit fullscreen mode

For testing purposes, you can run it in the rails console
alt text

Deploying the master.key to Heroku

master.key is needed everywhere, and we should make sure that our team members also get this master.key file. When we want to deploy to the server, we should put what is inside the master.key to the environment variable.

According to rubyonrails.org,

Rails uses config/master.key or alternatively looks for the environment variable ENV["RAILS_MASTER_KEY"] to encrypt the credentials file.

Run this in the terminal

heroku config:set RAILS_MASTER_KEY=`cat config/master.key`
Enter fullscreen mode Exit fullscreen mode

If Heroku send this error
alt text
, you should include your Heroku app name like this

heroku config:set RAILS_MASTER_KEY=`cat config/master.key` --app 'heroku app name'
Enter fullscreen mode Exit fullscreen mode

Check this post to learn how to deploy your rails project.

Keep your master.key safe!

You can't lost and change your master.key, or your credentials can't be opened.

alt text

However, you can create your new .config/credentials.yml.enc and .config/master.key again by running this command in your terminal.

rails credentials:edit
Enter fullscreen mode Exit fullscreen mode

Conclucion

I was so happy after I found this way to save my credentials. This is really helpful for keep safe your credentials. I hope this blog will be helpful, and please leave your comments if you have any questions!

Discussion (0)

Forem Open with the Forem app