Rails: How to fix "Missing secret_key_base for 'production' environment"

Keep default the secrets.yml file

# config/secrets.yml
production:
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
  aws_secret: abcde
  some_password: abcdex

development:
  secret_key_base: static_secret_key
  aws_secret: abcde

test:
  secret_key_base: static_test_secret_key


#not_indented: key for all env in once
secret_key_base: global_key_for_all_env
RAILS_ENV=production SECRET_KEY_BASE=production_test_key rails c

If using Rails 5.2.0, add to production env below, check this LINK

config.require_master_key = true    #config/environments/production.rb

Rails 5.2.0 requires an extra stage for the production environment:

config.require_master_key = true    # in config/environments/production.rb

Without it, Rails still falls back to the legacy secret.yml mechanism (for now).

Engine Yard's Christopher Rigor has written a concise post on it. The relevant piece:

Reading the Credentials

If you want to use the credentials in the production environment, add the following to config/environments/production.rb

config.require_master_key = true

A good read to also see up and down sides.

Note: As @TomDogg found out, Rails 5.2.1 seems again different, so this answer may only apply to 5.2.0.


config/credentials.yml.enc:

development:
  some_username: XXXXXXXXX
  some_password: YYYYYYYYY

test:
  some_username: XXXXXXXXX
  some_password: YYYYYYYYY

production:
  some_username: XXXXXXXXX
  some_password: YYYYYYYYY

secret_key_base: ZZZZZZZZZ
# `secret_key_base:` must NOT be indented !
# It must be put at the very start of a new line.
# There is also no need for it in development or test environment,
#   since there are no attacks to be expected.

Also make sure that you respect all YAML indention rules (i.e. 2 spaces only) as failing to do so my make loading of this file fail silently.