Ruby on Rails 5.2 removed the simple
secrets.yml file and replaced it with
credentials.yml.enc. This file is encrypted, so it is easy to use in version control. To decrypt this encrypted file there is
master.keyin config file which should not be included in version control.
Edit credentials file
Locally installed rails app credentials can be edited with following command
EDITOR=nano rails credentials:edit
EDITOR tells which editor we want to use to edit credentials like some people love vim editor as well.
Sometimes ui-based editors don’t open this way. As we have to wait for the editor to open.
EDITOR="mate --wait" rails credentials:edit
Rails 6 allowed multiple files for different rails environments. For example, without dependency of environment are saved in
config/credentials.yml.enc. But variable which are different for development environment are saved in
config/credentials/development.yml.enc and decrypted with key
So editing for development can be called by:
EDITOR=nano rails credentials:edit --environment development
Calling credentials edit in docker compose
When rails is not locally installed but inside a container, then to call a cli method inside a container is a bit different. I use the following command to update the credentials:
docker-compose run --rm -e EDITOR=nano api rails credentials:edit
api is the container name created with docker compose. Furthermore,
--rm is being used because run creates a copy of the container, so it will remove the container volume after it is closed.