Assumption : Rails v6+, Nova editor || Sublime v3+ editor
Even the most mundane Rails application will have some secrets, used to configure APIs and/or encryption. The problem is how to manage these secrets without resorting to third-party gems or hacks.
This post will walk you through the 4 steps to implement secrets in a Rails 6+ app.
Step 1 : Configure Editor
The goal of this step is to configure your editor such that it can be launched from the terminal. Personally I use Nova and Sublime, so I'll include instructions for these two editors.
Nova
Assuming you have Nova installed in the Applications folder, the good news is that Nova auto-configures itself with a symlink named nova. Another great reason for investing in this editor. Nothing to do - move along.
Sublime 3
Assuming you have Sublime 3 installed in the Applications folder, the following command will create a symlink named sublime that will launch the editor.
ln -s "/Applications/Sublime Text.app/Contents/SharedSupport/bin/subl" /usr/local/bin/sublime
Step 2 : Secure master.key
/config/master.key contains the encryption key used to encrypt and decrypt /config/credentials.yml.enc. It is critical that you ensure this file is listed in your app's .gitignore file.
Edit .gitignore and make sure that it contains /config/master.key
Assumption : Github
Double check: take a look in your GitHub repo. You do not want to see the file master.key in your repo.
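The checks from this step as a script, added here as an example and not part of the original post; the function name check_master_key is made up for illustration. It also looks at the index and the commit history, because a .gitignore entry does nothing for a key that was already added or committed.

```shell
#!/bin/sh
# Added example: audit a Rails app's git repo for an exposed config/master.key.
# check_master_key is a hypothetical helper name, not a Rails or git command.

check_master_key() {
  local repo="${1:-.}"
  local key="config/master.key"
  local status=0

  # 1. An ignore rule must match the key path. --no-index tests the rule
  #    itself, even when the file has already been added to the index.
  if git -C "$repo" check-ignore -q --no-index "$key"; then
    echo "ok:   $key is matched by an ignore rule"
  else
    echo "FAIL: $key is not ignored (add /config/master.key to .gitignore)"
    status=1
  fi

  # 2. .gitignore does not untrack a file that was added before the rule.
  if git -C "$repo" ls-files --error-unmatch "$key" >/dev/null 2>&1; then
    echo "FAIL: $key is tracked (git rm --cached $key, then commit)"
    status=1
  else
    echo "ok:   $key is not tracked"
  fi

  # 3. A key committed once stays in history after it is removed, so every
  #    branch and tag is searched for commits that touched the path.
  if [ -n "$(git -C "$repo" log --all --format=%h -- "$key" 2>/dev/null)" ]; then
    echo "FAIL: $key appears in commit history; treat the key as exposed"
    status=1
  else
    echo "ok:   $key was never committed"
  fi

  return "$status"
}

# Run against a path given on the command line, e.g.: sh check.sh ~/code/myapp
if [ -n "${1:-}" ]; then
  check_master_key "$1"
fi
```

A key that shows up in history should be replaced with a new one and the secrets stored in credentials.yml.enc reissued, since anyone with a clone can decrypt the old file.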
Step 3 : How to edit credentials.yml.enc
/config/credentials.yml.enc is an encrypted file where you can securely store configuration like API keys and passwords, basically your app secrets.
The following shell command will open the credentials.yml.enc file in your favoured text editor.
Nova : EDITOR="nova --wait" bin/rails credentials:edit
Sublime : EDITOR="sublime --wait" bin/rails credentials:edit
NOTE : The file is only saved when you either quit the editor - or - you press ENTER in your terminal window.
Press [Return] when finished editing...
Step 4 : Example secrets
mailgun:
  api_key: 99d6ff613389ab444e83830fe1d1499-09001d55-61db8474
  domain: email.somedomain.com
  api_host: api.eu.mailgun.net
Notice how the values are "namespaced" under the mailgun key.
Here is an example of how you use these secret values.
/config/environments/development.rb
config.action_mailer.mailgun_settings = {
  api_key: Rails.application.credentials.mailgun[:api_key],
  domain: Rails.application.credentials.mailgun[:domain],
  api_host: Rails.application.credentials.mailgun[:api_host]
}
End.