Using Rails encrypted credentials with database.yml

credentials.yml

# Used as the base secret for all MessageVerifiers in Rails, including the one protecting cookies.
secret_key_base: "key generated from <rails secret>"
production:
    database_username: username
    database_password: password

database.yml

# SQLite. Versions 3.8.0 and up are supported.
#   gem install sqlite3
#
#   Ensure the SQLite 3 gem is defined in your Gemfile
#   gem 'sqlite3'
#
default: &default
  adapter: sqlite3
  pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
  timeout: 5000

development:
  <<: *default
  database: db/development.sqlite3

# Warning: The database defined as "test" will be erased and
# re-generated from your development database when you run "rake".
# Do not set this db to the same as development or production.
test:
  <<: *default
  database: db/test.sqlite3

production:
  <<: *default
  adapter: postgresql
  database: <%= ENV['DATABASE_NAME'] %>
  host: <%= ENV['DATABASE_ENDPOINT'] %>
  port: <%= ENV.fetch('DATABASE_PORT', 5432) %>
  username: <%= Rails.application.credentials.dig(:production, :database_username) %>
  password: <%= Rails.application.credentials.dig(:production, :database_password) %>