Deprecation - Rails.application.secrets #5644

Closed
BroiSatse opened this issue Oct 20, 2023 · 6 comments · Fixed by #5645

@BroiSatse
Contributor

Environment

  • Ruby 3.2.2
  • Rails 7.1.1
  • Devise 4.9.3

Current behavior

Starting an application yields deprecation warning on Rails.application.secrets

Expected behavior

No deprecation warning

@BroiSatse
Contributor Author

The issue is caused by the Devise::SecretKeyFinder#find method. Devise is currently trying to find a secret key in credentials, secrets and config before checking the application itself; a deprecation warning is triggered on every call to Rails.application.secrets.

Is there any reason why we need SecretKeyFinder any more? I assume it was required to cover various Rails versions, but now Devise has dropped support for Rails < 6.0, so there's always secret_key_base on the application object.

@lordsynergy

lordsynergy commented Oct 25, 2023

Hello,

I wanted to report that I am facing a similar issue with the deprecation warning related to Rails.application.secrets. However, this issue appears for me only when running tests.

My environment details:

  • Ruby: 3.2.2
  • Rails: 7.1.1
  • Devise: 4.9.3

I would appreciate any assistance or recommendations on how to resolve this issue.

Kind regards,
George S.

@BroiSatse
Contributor Author

For those looking for an immediate fix, it is possible to monkey_patch around the issue. Add the following in your initializers/devise.rb:

```ruby
class Devise::SecretKeyFinder
  def find
    @application.secret_key_base
  end
end
```

@ckraybill

No monkey patching needed, you can just configure Devise's secret_key in your setup:

```ruby
Devise.setup do |config|
  config.secret_key = ENV['SECRET_KEY_BASE'] # or whatever is your preferred method
end
```

Devise will only want to use the SecretKeyFinder if it isn't already configured.

@jrochkind

Thanks @ckraybill, that's nice! It looks like you can also do this to keep it DRY where you are specifying the secret key base, whether it's ENV or elsewhere:

```ruby
Devise.setup do |config|
  config.secret_key = Rails.application.secret_key_base
end
```
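
Added example, not part of any comment above and not Devise's or Rails' code: a simplified Ruby model of the lookup order described in this thread, showing why an explicitly configured key avoids the deprecated `secrets` read and why a key that resolves to nil (for example an unset environment variable) does not. `FakeApp`, `ModelKeyFinder`, `resolve_secret_key` and `boot` are hypothetical names, and treating nil as "not configured" is an assumption of the model.

```ruby
# Simplified model of the lookup described in this thread. Constructed for
# illustration; FakeApp and ModelKeyFinder are not Devise or Rails classes.
class FakeApp
  attr_reader :secret_key_base, :credentials, :config, :deprecated_reads

  def initialize(secret_key_base:, credentials: {}, secrets: {}, config: {})
    @secret_key_base = secret_key_base
    @credentials = credentials
    @secrets = secrets
    @config = config
    @deprecated_reads = 0
  end

  # Stand-in for Rails.application.secrets: each read counts as one
  # deprecation warning.
  def secrets
    @deprecated_reads += 1
    @secrets
  end
end

# Lookup order as reported in the issue: credentials, secrets, config,
# then the application object itself.
class ModelKeyFinder
  def initialize(app)
    @app = app
  end

  def find
    %i[credentials secrets config].each do |source|
      key = @app.public_send(source)[:secret_key_base]
      return key unless key.nil? || key.empty?
    end
    @app.secret_key_base
  end
end

# Assumption of this model: the finder runs only when the configured key is nil.
def resolve_secret_key(configured, app)
  configured || ModelKeyFinder.new(app).find
end

# Returns [resolved key, number of deprecated reads] for a constructed app.
def boot(configured_for)
  app = FakeApp.new(secret_key_base: "constructed-key-base")
  [resolve_secret_key(configured_for.call(app), app), app.deprecated_reads]
end

CONSTRUCTED_ENV = {}.freeze # constructed environment without SECRET_KEY_BASE
DEFAULT_BOOT  = boot(->(_app) { nil })                                # nothing configured
EXPLICIT_BOOT = boot(->(app) { app.secret_key_base })                 # explicit key
UNSET_ENV     = boot(->(_app) { CONSTRUCTED_ENV["SECRET_KEY_BASE"] }) # env var missing
```

If the key comes from the environment, `ENV.fetch('SECRET_KEY_BASE')` raises `KeyError` at boot when the variable is missing instead of silently falling back to the lookup.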

jrochkind added a commit to sciencehistory/scihist_digicoll that referenced this issue Nov 21, 2023
tvararu added a commit to nhsuk/manage-vaccinations-in-schools that referenced this issue Nov 24, 2023
It's coming from Devise and can be removed by specifying the
secret_key_base explicitly:
heartcombo/devise#5644
scruti added a commit to DFE-Digital/teaching-vacancies that referenced this issue Nov 30, 2023
By default Devise uses its internal SecretKeyFinder library to look up
for the "secret_key_base" value.

Looking for the secrets is deprecated, and raises warnings as mentioned
in this issue: heartcombo/devise#5644

The solution is to configure Devise to directly take the secret_key_base
from the Rails application config.
tvararu added a commit to design-history/design-history that referenced this issue Dec 13, 2023
gravitystorm added a commit to gravitystorm/openstreetmap-website that referenced this issue Dec 13, 2023
JunichiIto added a commit to JunichiIto/everydayrails-rspec-jp-2024 that referenced this issue Jan 1, 2024
jcoyne added a commit to sul-dlss/SearchWorks that referenced this issue Jan 31, 2024
To prevent a deprecation warning from devise.  We override this value in deployed environments.
See heartcombo/devise#5644
gravitystorm added a commit to gravitystorm/openstreetmap-website that referenced this issue Jan 31, 2024
gravitystorm added a commit to gravitystorm/openstreetmap-website that referenced this issue Feb 7, 2024
gravitystorm added a commit to gravitystorm/openstreetmap-website that referenced this issue Feb 14, 2024
ybakos added a commit to OregonStateUniversity/ltpbr-explorer that referenced this issue Mar 25, 2024
Rails is producing a deprecation warning when running tests because Devise
is reaching for secrets instead of credentials.

Explicitly set the devise secret key to prevent it from searching in
Rails.application.secrets.

See heartcombo/devise#5644

References #294
Splines added a commit to MaMpf-HD/mampf that referenced this issue Apr 24, 2024
Splines added a commit to MaMpf-HD/mampf that referenced this issue Apr 26, 2024
* Upgrade Rails to v7.1 and run `bundle update`

See the upgrade guide here:
https://edgeguides.rubyonrails.org/upgrading_ruby_on_rails.html

* Use older version of `html-parser` for `thredded`

See thredded/thredded#979

* Use new `config.autoload_lib` in Rails 7.1

See https://edgeguides.rubyonrails.org/upgrading_ruby_on_rails.html#config-autoload-lib-and-config-autoload-lib-once

Eager loading is on by default for production.

* Remove unused app environment variables usage

The file `config/app_environment_variables.rb` does not exist in our
codebase anymore.

* Run `bin/rails app:update` to update configurations

* Add new framework defaults for Rails 7.1 file

* Update `listen` gem version

This was done because `bin/rails app:update` failed with:
** Execute app:update:active_storage
       rails  active_storage:update
bin/rails aborted!
Gem::LoadError: can't activate listen (~> 3.5), already activated listen-3.0.8.
Make sure all dependencies are added to Gemfile.

* Add TODO note for upcoming serialize change

* Reduce new framework defaults list

* Add migrations introduced by rails update task

* Remove unneeded ActiveStorage migrations

* Remove defaults for sha-256 as we are unaffected

* Use new Rails 7.1 defaults

* Fix TODO rubocop warning

* Update bundler version to 2.5.9

You can do so locally via `bundle update --bundler`

* Remove unnecessary entries in `Gemfile.lock`

Performed automatically via `bundle install`.

* Address `Passing the coder as positional arg` deprecation

This is a followup to rails/rails#47463

* add yaml coder explicitly for serializing arrays

* Migrate from globalize to mobility due to serialization warnings

* Update gem lockfile to include `mobility`

`bundle install` also removed globalize automatically for us.

* Add `I18nLocaleAccessors` as replacement for `globalize_attribute_names`

* Remove obsolete comment regarding `globalize`

* Fix Rails `secrets` deprecation warning (Devise)

This is due to heartcombo/devise#5644.

* Use `install_folder` in cypress on rails

`cypress_folder` is deprecated as config option

---------

Co-authored-by: fosterfarrell9 <28628554+fosterfarrell9@users.noreply.github.com>
goulvench added a commit to betagouv/collectif-objets that referenced this issue Apr 29, 2024
heartcombo/devise#5644

We remove the secret generated by Devise in commented-out code because GitGuardian objects to it.
@dan-jensen

For clarity, here's the PR to resolve this issue: #5645. (There were a couple PRs, it seems we should focus on this one.)

Splines added a commit to MaMpf-HD/mampf that referenced this issue May 30, 2024
* Upgrade Rails to v7.1 and run `bundle update`

See the upgrade guide here:
https://edgeguides.rubyonrails.org/upgrading_ruby_on_rails.html

* Use older version of `html-parser` for `thredded`

See thredded/thredded#979

* Use new `config.autoload_lib` in Rails 7.1

See https://edgeguides.rubyonrails.org/upgrading_ruby_on_rails.html#config-autoload-lib-and-config-autoload-lib-once

Eager loading is on by default for production.

* Remove unused app environment variables usage

The file `config/app_environment_variables.rb` does not exist in our
codebase anymore.

* Run `bin/rails app:update` to update configurations

* Add new framework defaults for Rails 7.1 file

* Update `listen` gem version

This was done because `bin/rails app:update` failed with:
** Execute app:update:active_storage
       rails  active_storage:update
bin/rails aborted!
Gem::LoadError: can't activate listen (~> 3.5), already activated listen-3.0.8.
Make sure all dependencies are added to Gemfile.

* Add TODO note for upcoming serialize change

* Reduce new framework defaults list

* Add migrations introduced by rails update task

* Remove unneeded ActiveStorage migrations

* Remove defaults for sha-256 as we are unaffected

* Use new Rails 7.1 defaults

* Fix TODO rubocop warning

* Update bundler version to 2.5.9

You can do so locally via `bundle update --bundler`

* Remove unnecessary entries in `Gemfile.lock`

Performed automatically via `bundle install`.

* Address `Passing the coder as positional arg` deprecation

This is a followup to rails/rails#47463

* add yaml coder explicitly for serializing arrays

* Migrate from globalize to mobility due to serialization warnings

* Update gem lockfile to include `mobility`

`bundle install` also removed globalize automatically for us.

* Add `I18nLocaleAccessors` as replacement for `globalize_attribute_names`

* Remove obsolete comment regarding `globalize`

* Fix Rails `secrets` deprecation warning (Devise)

This is due to heartcombo/devise#5644.

* Use `install_folder` in cypress on rails

`cypress_folder` is deprecated as config option

* Init dummy Bootstrap nav pills

* Group accordion items into nav pane

* Style pillars & improve accessibility

* Remove accordion wrappers & design lecture content pane

* Center lectures header & improve vertical alignment

* Add margin to bottom of lecture pane

* Internationalize lectures navbar headers

* Decaffeinate `lectures.coffee`

via local CLI of decaffeinate
see https://decaffeinate-project.org/

* Format `lectures.js` according to ESLint

* Remove unnecessary use of Array.from

* Use shorter variations of null checks

* Remove unnecessary Coffeescript comment

* Fix ESLint errors

* Make better use of JS function syntax

* Configure url hashes for bootstrap tabs

Might also be known as "deep linking".

* Simplify url hash update logic

* Remove unused variable `s`

* Use focus listener (not click listener) for accessibility

* Implement many small UI improvements in lectures

* Re-initialize masonry grid system for lecture content

* Remove unnecessary spacing

* Add confirmation dialog to delete forum

* Add scrollbar to announcements list if too long

* Redirect to correct page after creating a new announcement

* Redirect to correct page after "Forum" actions

* Redirect to correct page after "Comments" actions

* Increase bottom margin of lecture pane

* Check if errors are present to avoid nil error

* Fix valid_annotations_status include check

* Only load lectures_admin js related code when needed

We also perform an early return if no erdbeere examples are searched for, i.e.
when the element is not yet visible on the page.

* Use icons for save/cancel in assignments table

* Fix structures cancel button (erdbeere)

* Improve positioning of "structures" text

* Get rid of unused debug message

* Fix import of media for lectures not working

* Remove TODO note

* Delete unused tags/modal partial rendering

* Stay on subpage upon save action

* Fix broken browser navigation

* Fix weird masonry grid system bug

* Wait until tab content is shown before setting up grid system

---------

Co-authored-by: fosterfarrell9 <28628554+fosterfarrell9@users.noreply.github.com>
runephilosof-abtion added a commit to abtion/rails-template that referenced this issue Jun 25, 2024
Can be reverted once heartcombo/devise#5644 is resolved

Was causing this warning:
https://github.com/abtion/rails-template/actions/runs/9657664443/job/26637340275#step:10:11
> DEPRECATION WARNING: `Rails.application.secrets` is deprecated in favor of `Rails.application.credentials` and will be removed in Rails 7.2. (called from <top (required)> at /home/runner/work/rails-template/rails-template/config/environment.rb:7)
jeppester pushed a commit to abtion/rails-template that referenced this issue Jun 26, 2024
Can be reverted once heartcombo/devise#5644 is resolved

Was causing this warning:
https://github.com/abtion/rails-template/actions/runs/9657664443/job/26637340275#step:10:11
> DEPRECATION WARNING: `Rails.application.secrets` is deprecated in favor of `Rails.application.credentials` and will be removed in Rails 7.2. (called from <top (required)> at /home/runner/work/rails-template/rails-template/config/environment.rb:7)
stanleylhs added a commit to stanleylhs/fat_free_crm that referenced this issue Sep 17, 2024
DEPRECATION WARNING: `Rails.application.secrets` is deprecated in favor of `Rails.application.credentials` and will be removed in Rails 7.2. (called from <top (required)> at /home/slau/fat_free_crm/config/environment.rb:5)

heartcombo/devise#5644