How to use Credentials in Ruby on Rails 6? TLDR
See complete version of this article
- create credentials & edit:
rails credentials:edit
EDITOR=vim rails credentials:edit
config/credentials.yml
example:
awss3:
access_key_id: YOUR_CODE_FOR_S3_STORAGE
secret_access_key: YOUR_CODE_FOR_S3_STORAGE
google_analytics: YOUR_CODE_FOR_GOOGLE_ANALYTICS
recaptcha:
site_key: YOUR_CODE_FOR_RECAPTCHA
secret_key: YOUR_CODE_FOR_RECAPTCHA
google_oauth2:
client_id: YOUR_CODE_FOR_OAUTH
client_secret: YOUR_CODE_FOR_OAUTH
development:
github:
client: YOUR_CODE_FOR_OAUTH
secret: YOUR_CODE_FOR_OAUTH
stripe:
publishable: YOUR_STRIPE_PUBLISHABLE
secret: YOUR_STRIPE_SECRET
production:
github:
client: YOUR_CODE_FOR_OAUTH
secret: YOUR_CODE_FOR_OAUTH
stripe:
publishable: YOUR_STRIPE_PUBLISHABLE
secret: YOUR_STRIPE_SECRET
facebook:
client: YOUR_CODE_FOR_OAUTH
secret: YOUR_CODE_FOR_OAUTH
- working with VIM
To enable editing press i
For exiting with saving press Esc
+ :wq
+ Enter
For exiting without saving press Esc
+ :q!
+ Enter
To make Ctrl+V work properly Esc
+ :set paste
+ Ctrl
+ V
- Example of using credentials in
devise.rb
:
config.omniauth :github, (Rails.application.credentials[:github][Rails.env.to_sym][:id]).to_s, (Rails.application.credentials[:github][Rails.env.to_sym][:secret]).to_s
config.omniauth :google_oauth2, (Rails.application.credentials[:google][:id]).to_s, (Rails.application.credentials[:google][:secret]).to_s
- find a credential
rails c
Rails.application.credentials.dig(:aws, :access_key_id)
Rails.application.credentials[Rails.env.to_sym][:aws][:access_key_id]
- Set
master.key
in production (heroku):
heroku config:set RAILS_MASTER_KEY=123456789
heroku config:set RAILS_MASTER_KEY=`cat config/master.key`
The config/credentials.yml
file should NOT be in gitignore.
The config/master.key
that decrypts the credentials SHOULD be in gitignore.