How to solve error "Missing `secret_key_base` for 'production' environment" (Rails 4.1)
I had the same problem and solved it by creating an environment variable to be loaded every time I logged in to the production server, and made a mini-guide of the steps to configure it:
I was using Rails 4.1 with Unicorn v4.8.2 and when I tried to deploy my application it didn't start properly and in the unicorn.log
file I found this error message:
app error: Missing `secret_key_base` for 'production' environment, set this value in `config/secrets.yml` (RuntimeError)
After some research I found out that Rails 4.1 changed the way to manage the secret_key
, so if you read the secrets.yml
file located at exampleRailsProject/config/secrets.yml
you'll find something like this:
# Do not keep production secrets in the repository,
# instead read values from the environment.
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
This means that Rails recommends you to use an environment variable for the secret_key_base
in your production server. In order to solve this error you should follow these steps to create an environment variable for Linux (in my case Ubuntu) in your production server:
In the terminal of your production server execute:
$ RAILS_ENV=production rake secret
This returns a large string with letters and numbers. Copy that, which we will refer to that code as
GENERATED_CODE
.Login to your server
If you login as the root user, find this file and edit it:
$ vi /etc/profile
Go to the bottom of the file using Shift+G (capital "G") in vi.
Write your environment variable with the
GENERATED_CODE
, pressing i to insert in vi. Be sure to be in a new line at the end of the file:$ export SECRET_KEY_BASE=GENERATED_CODE
Save the changes and close the file using Esc and then "
:x
" and Enter for save and exit in vi.But if you login as normal user, let's call it "
example_user
" for this gist, you will need to find one of these other files:$ vi ~/.bash_profile $ vi ~/.bash_login $ vi ~/.profile
These files are in order of importance, which means that if you have the first file, then you wouldn't need to edit the others. If you found these two files in your directory
~/.bash_profile
and~/.profile
you only will have to write in the first one~/.bash_profile
, because Linux will read only this one and the other will be ignored.Then we go to the bottom of the file using Shift+G again and write the environment variable with our
GENERATED_CODE
using i again, and be sure add a new line at the end of the file:$ export SECRET_KEY_BASE=GENERATED_CODE
Having written the code, save the changes and close the file using Esc again and "
:x
" and Enter to save and exit.
You can verify that our environment variable is properly set in Linux with this command:
$ printenv | grep SECRET_KEY_BASE
or with:
$ echo $SECRET_KEY_BASE
When you execute this command, if everything went ok, it will show you the
GENERATED_CODE
from before. Finally with all the configuration done you should be able to deploy without problems your Rails application with Unicorn or some other tool.
When you close your shell and login again to the production server you will have this environment variable set and ready to use it.
And that's it! I hope this mini-guide helps you solve this error.
Disclaimer: I'm not a Linux or Rails guru, so if you find something wrong or any error I will be glad to fix it.
I'm going to assume that you do not have your secrets.yml
checked into source control (ie. it's in the .gitignore
file). Even if this isn't your situation, it's what many other people viewing this question have done because they have their code exposed on Github and don't want their secret key floating around.
If it's not in source control, Heroku doesn't know about it. So Rails is looking for Rails.application.secrets.secret_key_base
and it hasn't been set because Rails sets it by checking the secrets.yml
file which doesn't exist. The simple workaround is to go into your config/environments/production.rb
file and add the following line:
Rails.application.configure do
...
config.secret_key_base = ENV["SECRET_KEY_BASE"]
...
end
This tells your application to set the secret key using the environment variable instead of looking for it in secrets.yml
. It would have saved me a lot of time to know this up front.
Add config/secrets.yml
to version control and deploy again. You might need to remove a line from .gitignore
so that you can commit the file.
I had this exact same issue and it just turned out that the boilerplate .gitignore
Github created for my Rails application included config/secrets.yml
.