
  • create credentials & edit:
rails credentials:edit 
EDITOR=vim rails credentials:edit
  • config/credentials.yml example (the decrypted YAML shown in the editor):
awss3:
  access_key_id: YOUR_CODE_FOR_S3_STORAGE
  secret_access_key: YOUR_CODE_FOR_S3_STORAGE
google_analytics: YOUR_CODE_FOR_GOOGLE_ANALYTICS
recaptcha:
  site_key: YOUR_CODE_FOR_RECAPTCHA
  secret_key: YOUR_CODE_FOR_RECAPTCHA
google_oauth2:
  client_id: YOUR_CODE_FOR_OAUTH
  client_secret: YOUR_CODE_FOR_OAUTH
development:
  github:
    client: YOUR_CODE_FOR_OAUTH
    secret: YOUR_CODE_FOR_OAUTH
  stripe:
    publishable: YOUR_STRIPE_PUBLISHABLE
    secret: YOUR_STRIPE_SECRET
production:
  github:
    client: YOUR_CODE_FOR_OAUTH
    secret: YOUR_CODE_FOR_OAUTH
  stripe:
    publishable: YOUR_STRIPE_PUBLISHABLE
    secret: YOUR_STRIPE_SECRET
facebook:
  client: YOUR_CODE_FOR_OAUTH
  secret: YOUR_CODE_FOR_OAUTH
  • working with VIM

To enable editing press i

For exiting with saving press Esc + :wq + Enter

For exiting without saving press Esc + :q! + Enter

To make Ctrl+V work properly: Esc + :set paste + Ctrl + V

  • Example of using credentials in devise.rb:
# Keys follow the credentials example above: github is scoped per environment, google_oauth2 is top-level.
config.omniauth :github, Rails.application.credentials[Rails.env.to_sym][:github][:client].to_s, Rails.application.credentials[Rails.env.to_sym][:github][:secret].to_s
config.omniauth :google_oauth2, Rails.application.credentials[:google_oauth2][:client_id].to_s, Rails.application.credentials[:google_oauth2][:client_secret].to_s
  • find a credential
rails c
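# top-level key from the example above
Rails.application.credentials.dig(:awss3, :access_key_id)
# key scoped under the current environment (development/production)
Rails.application.credentials[Rails.env.to_sym][:stripe][:publishable]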
  • Set master.key in production (heroku):
heroku config:set RAILS_MASTER_KEY=123456789
heroku config:set RAILS_MASTER_KEY=`cat config/master.key`

The config/credentials.yml file (stored encrypted on disk as config/credentials.yml.enc) should NOT be in .gitignore.

The config/master.key that decrypts the credentials SHOULD be in .gitignore.
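
The two rules above can be checked mechanically. The following is an added example, not part of the original article: a POSIX shell function (the name check_rails_secrets is hypothetical) that assumes the default Rails paths config/master.key and config/credentials.yml.enc and a working git binary. An ignore rule alone is not enough, so it also checks the index and the commit history.

```sh
#!/bin/sh
# Added example: audit a Rails repo for the key-handling rules above.
# Usage: check_rails_secrets /path/to/app   (defaults to the current directory)
# Returns 0 when the layout is safe, 1 otherwise; findings go to stdout.
check_rails_secrets() {
  crs_dir="${1:-.}"
  crs_key="config/master.key"            # assumed default key path
  crs_enc="config/credentials.yml.enc"   # assumed default encrypted file path
  crs_rc=0

  # 1. The key must match an ignore rule. check-ignore also answers
  #    "not ignored" for tracked files, because ignore rules skip them.
  if ! git -C "$crs_dir" check-ignore -q "$crs_key"; then
    echo "FAIL: $crs_key is not ignored"
    crs_rc=1
  fi

  # 2. The key must not be in the index.
  if git -C "$crs_dir" ls-files --error-unmatch "$crs_key" >/dev/null 2>&1; then
    echo "FAIL: $crs_key is tracked; untrack it and rotate the key"
    crs_rc=1
  fi

  # 3. The key must not appear in any commit on any ref.
  if [ -n "$(git -C "$crs_dir" log --all --format=%h -- "$crs_key" 2>/dev/null)" ]; then
    echo "FAIL: $crs_key exists in history; treat the key as exposed"
    crs_rc=1
  fi

  # 4. The encrypted file is meant to be committed, so it must not be ignored.
  if git -C "$crs_dir" check-ignore -q "$crs_enc"; then
    echo "FAIL: $crs_enc is ignored and will not reach the server"
    crs_rc=1
  fi

  [ "$crs_rc" -eq 0 ] && echo "OK: master.key stays out of git, credentials.yml.enc is not ignored"
  return "$crs_rc"
}
```

Run it from CI or a pre-push hook; a history finding means the key has to be replaced, since removing the file in a later commit does not remove it from earlier ones.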
