If your master.key has been compromised, you might want to regenerate it.
No key regeneration feature at the moment. We have to do it manually.
- Copy content of original credentials
rails credentials:show
somewhere temporarily. - Remove
config/master.key
andconfig/credentials.yml.enc
- Run
EDITOR=vim rails credentials:edit
in the terminal: This command will create a newmaster.key
andcredentials.yml.enc
if they do not exist. - Paste the original credentials you copied (step 1) in the new credentials file (and save + quit vim)
- Add and Commit the file
config/credentials.yml.enc
Important
- Make sure
config/master.key
is listed in.gitignore
and NOT tracked by git. - The command
EDITOR=vim rails credentials:edit
might not work if you require credential value in some file (initializers
ordatabase.yml
). I had the problem withdevise.rb
. I just uncommented the linesecret_key = ...
just the time to run the command to regenerate the credentials file, and then commented the line out again. - If you want to use Sublime to edit the credentials, you can replace the command
EDITOR=vim rails credentials:edit
byEDITOR="/Applications/Sublime\ Text.app/Contents/SharedSupport/bin/subl -w" rails credentials:edit
source: https://blog.eq8.eu/til/rails-52-credentials-tricks.html