Published in


Managing Encrypted Secrets(Credentials) 🔐 with Rails6

Photo by Ewan Kennedy on Unsplash


Generally in the application, there are various secret keys and credentials that we need to make use of API keys, Secret keys for eg. AWS CLI login credentials etc.

Let’s talk about rails credentials now,

The way for managing secret keys in the Rails ecosystem itself.
How different this approach is? Well, it will store secrets itself in the application but those are encrypted and to decrypt them we need a master key.

Interacting with credentials:

A set of files were used to manage credentials

  • config/credentials.yml.enc
  • config/master.key

So basically config/credentials.yml.enc is an encrypted file that store credentials, we can safely commit this file to version control systems.

config/master.key contain a key that is used to decrypt config/credentilas.yml.enc This file should be in .gitignore

How To add/update credentials:

By running the following command we can edit/update credentials.

$ EDITOR=vim rails credentials:edit

This command will open the credentials file in decrypted version.

Note: you can change EDITOR anything you want like nano or if you’re in windows use notepad etc.

When we save it, it encrypts again using the same master key.

How To read credentials?

We can access secrets following way,


Rails.application.secrets will retrieve the credentials accordingly to the current rails enviroment.

Note: We need to share samemaster.key to others specifically, so that they can decrypt the secrets.

Managing multi-environment credentials

To create credentials file for other environments like staging, production etc we need to use the following command.

rails credentials:edit --environment production

In Rails6 we can create environment wise secrets and their keys.

This command will create the following files inside the folder of /config

  • config/production.yml.enc
  • config/production.key

For accessing keys we can use the following command



  • By encrypting secrets helps provide data security for sensitive information.
  • Managing secrets for different environments makes it easier.
  • Removes extra overhead for managing secrets.

At Scalereal We believe in Sharing and Open Source.

So, If you found this helpful please give some claps 👏 and share it with everyone.

Sharing is Caring!

Thank you ;)




The latest posts from Professionals at ScaleReal.

Recommended from Medium

CS50 — tutorial 6 Python

Sentiment Analysis Of Collected #F1 Tweets

A Simple Android Picture-in-Picture Video Player Tutorial, using ExoPlayer

how to create beautiful LANTERNS that ARRANGE THEMSELVES into words

How I monitor my Raspberry Pi trackers

How I monitor my Raspberry Pi trackers

ACA 400 — Week 7

Serverless Smart Radio— Part III — Lambda functions

Make Your Windows App for the 1%

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Sandesh Bodake

Sandesh Bodake

Software Engineer at scalereal

More from Medium

Container Networking and Opening Container Ports

Real-Time Operating System - A Dynamic Operating System

real time oprating system

What the duck is Docker?

Infrastructure From Code