Manage encrypted credentials (added in Rails 5.2.0) with multiple environments.
Available as a gem creds
Using Rails command, generate new encrypted file by
bin/rails encrypted:edit config/credentials/production.yml.enc --key config/credentials/production.key
add some content in opened editor (note there is no environment root key, ie no production
):
aws_access_key_id: my-access-key-id
If config/credentials/production.key
doesn't exist yet, run bin/rails generate master_key
and adjust naming to match desired one.
Content of file can be displayed by
bin/rails encrypted:show config/credentials/production.yml.enc --key config/credentials/production.key
Add to config/environments/production.rb
(or any other env)
config.creds = Creds.new("config/credentials/production.yml.enc")
If wants to use key from custom path - by default it checks RAILS_MASTER_KEY
env key and config/master.key
file:
config.creds = Creds.new("config/credentials/production.yml.enc", key_path: "config/credentials/production.key")
In the code:
Rails.configuration.creds.aws_access_key_id
To ease working in development/test environments with the same API, add config/credentials/plain.yml
with key/value pairs
nested under environment name, like:
development:
aws_access_key_id: "aws-key-id"
Then add to config/environments/development.rb
config.creds = Creds.new("config/credentials/plain.yml", env: "development")
In Rails 6.0 it is possible to edit files by rails credentials:edit --environment production
which will look for
config/credentials/production.yml.enc
encrypted by ENV["RAILS_MASTER_KEY"]
or config/credentials/production.key
- To raise error in case of missing key you can add bang to the name, like
Rails.configuration.creds.database_url!
- To list all defined key/value pairs call
config
, likeRails.configuration.creds.config
- Plain text file can embed Ruby (
<%= %>
), but not encrypted one - If
secret_key_base
is specified in credentials file, it will be assigned toRails.configuration.secret_key_base
, as it is required by Rails
After checking out the repo, run bin/setup
to install dependencies. Then, run rake test
to run the tests. You can also run bin/console
for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install
. To release a new version, update the version number in version.rb
, and then run bundle exec rake release
, which will create a git tag for the version, push git commits and tags, and push the .gem
file to rubygems.org.
Bug reports and pull requests are welcome on GitHub at https://github.com/freeletics/creds
The gem is available as open source under the terms of the MIT License.