Rails encrypted credentials with docker compose

Edit rails encrypted credentials in terminal and docker compose containers. Rails introduced encrypted, version controllable credentials in 5.2 deprecating secrets.yml

Rails encrypted credentials with docker compose

Ruby on Rails 5.2 removed the simple secrets.yml file and replaced it with credentials.yml.enc. This file is encrypted, so it is easy to use in version control. To decrypt this encrypted file there is master.keyin config file which should not be included in version control.

Edit credentials file

Locally installed rails app credentials can be edited with following command

EDITOR=nano rails credentials:edit

EDITOR tells which editor we want to use to edit credentials like some people love vim editor as well.

Sometimes ui-based editors don’t open this way. As we have to wait for the editor to open.
EDITOR="mate --wait" rails credentials:edit

Multiple environments

Rails 6 allowed multiple files for different rails environments. For example, without dependency of environment are saved in config/credentials.yml.enc. But variable which are different for development environment are saved in config/credentials/development.yml.enc and decrypted with key config/credentials/development.key.

So editing for development can be called by:

EDITOR=nano rails credentials:edit --environment development

For more info, visit: https://blog.saeloun.com/2019/10/10/rails-6-adds-support-for-multi-environment-credentials.html

Calling credentials edit in docker compose

When rails is not locally installed but inside a container, then to call a cli method inside a container is a bit different. I use the following command to update the credentials:

docker-compose run --rm -e EDITOR=nano api rails credentials:edit

Here, api is the container name created with docker compose. Furthermore, --rm is being used because run creates a copy of the container, so it will remove the container volume after it is closed.

Happy Coding!