Missing production secret_key_base in rails
For local development
Generate a secret using rails secret
Method #1: Store this secret in your .bashrc
or .zshrc
see https://apple.stackexchange.com/questions/356441/how-to-add-permanent-environment-variable-in-zsh for
Method #2: Use the dotenv Gem
Once you have this gem installed, you then create a .env
file in the root of your Rails app that does NOT get checked-into the source control.
https://github.com/bkeepers/dotenv
Method #3 (if using rhc
Openshift client)
rhc set-env SECRET_KEY_BASE=3dc8b0885b3043c0e38aa2e1dc64******************** -a myapp
For the server Method #1: Heroku
Option 1: Store the SECRET_BASE_KEY directly onto the environment
heroku config:set SECRET_BASE_KEY=xxxx
Option 2: Store the secret encrypted with the app and use the master.key
file to decrypt it.
Method #2: For AWS, use AWS Secret Manager to store the master key.
Method #3: For RHC Openshift
connect to your server via SSH and run env
so you should see your SECRET_KEY_BASE in the list.
Now restart you app rhc app-stop myapp
and rhc app-start myapp
There is another option that should be a little more secure and that is to add it to the Apache/Nginx configuration file. I'm using Apache and have just used:
SetEnv SECRET_KEY_BASE my_secret
Then just leave the secrets.yml file set to:
production: <%= ENV["SECRET_KEY_BASE"] %>
For a production web server I'm not sure it's valid to assume that a .bashrc
file is run and will get your ENV variable set, but I think this way is certain to set it. I'm not and expert so ready to have any risks or reasons why it's not a good idea pointed out to me.
If you're on a normal Ubuntu machine just put export SECRET_KEY_BASE=" <<< output from rake secret here >>> "
in your ~/.bashrc
.
Run source ~/.bashrc
and restart the app.