Rails 6: How to use multi-environment credentials

Rails 6.0 adds support for multi-environment credentials. Here’s a quick summary of how it works:

By default, behavior is the same as Rails 5.2. To configure credentials for another enviornment, just add --environment <env>.

Available commands

Example: rails credentials:edit --environment production

(Hint: RAILS_ENV=<env> rails credentials:show won’t work. --environment must be used instead.)

How Rails behaves

Rails continues to use the 5.2-compatible files (config/master.key & config/credentials.yml.enc) in the absence of an environment-specific file.

If an environment-specific file is available, then that is used instead (and the default file is ignored – they are not merged). This is convenient when you want multiple environments, eg: development and test, to both use the same file. In this example, use the default file for those two environments, and then provide an environment-specific file for production only.

For reference, Rails will look in the following places for the master key for decryption:

And it will look for the actual encrypted credentials at these locations:

tags: rails, rails 6