When deploying my first application to Heroku, I ran into quite a few challenges in configuring my repo and my Heroku application properly. The main underlying problem came down to the Rails 5.2 Credentials API, the most recent at the time.
As of Rails 5.2, config/secrets.yml, config/secrets.yml.enc and SECRET_KEY_BASE are no longer used to store encrypted keys. From now on, you are to use these files instead: config/credentials.yml.enc and config/master.key.
How Do I Use These Credentials?
When using an authentication system in Rails, you might be using Rails.application.credentials.secret_key_base to encrypt your JWT token, cookie, or however your system is set up. This works because your config/credentials.yml.enc file holds the encrypted keys that secure your authentication system, database, or API. The thing to remember here is that this file is OK to push to your public repo, as it is already encrypted.
The next important file is config/master.key, which is where your RAILS_MASTER_KEY will be kept. This is a very important file that must never be committed to your source control tool! I can't stress this enough: this key gives anyone who has it access to your encrypted keys and leaves your application vulnerable to attack. To avoid this you need to add your…