Manage encrypted credentials (added in Rails 5.2.0) with multiple environments.
Available as a gem
Using Rails command, generate new encrypted file by
bin/rails encrypted:edit config/credentials/production.yml.enc --key config/credentials/production.key
add some content in opened editor (note there is no environment root key, ie no
config/credentials/production.key doesn't exist yet, run
bin/rails generate master_key and adjust naming to match desired one.
Content of file can be displayed by
bin/rails encrypted:show config/credentials/production.yml.enc --key config/credentials/production.key
config/environments/production.rb (or any other env)
config.creds = .("config/credentials/production.yml.enc")
If wants to use key from custom path - by default it checks
RAILS_MASTER_KEY env key and
config.creds = .("config/credentials/production.yml.enc", key_path: "config/credentials/production.key")
In the code:
To ease working in development/test environments with the same API, add
config/credentials/plain.yml with key/value pairs
nested under environment name, like:
development: aws_access_key_id: "aws-key-id"
Then add to
config.creds = .("config/credentials/plain.yml", env: "development")
In Rails 6.0 it is possible to edit files by
rails credentials:edit --environment production which will look for
config/credentials/production.yml.enc encrypted by
- To raise error in case of missing key you can add bang to the name, like
- To list all defined key/value pairs call
- Plain text file can embed Ruby (
<%= %>), but not encrypted one
secret_key_baseis specified in credentials file, it will be assigned to
Rails.configuration.secret_key_base, as it is required by Rails
After checking out the repo, run
bin/setup to install dependencies. Then, run
rake test to run the tests. You can also run
bin/console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run
bundle exec rake install. To release a new version, update the version number in
version.rb, and then run
bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the
.gem file to rubygems.org.
Bug reports and pull requests are welcome on GitHub at https://github.com/freeletics/creds
The gem is available as open source under the terms of the MIT License.