Rails 6.0 adds support for multi-environment credentials. Here’s a quick summary of how it works:
By default, behavior is the same as Rails 5.2. To configure credentials for another enviornment, just add --environment <env>.
rails credentials:show [--environment <env>]
rails credentials:edit [--environment <env>]
Example: rails credentials:edit --environment production
(Hint: RAILS_ENV=<env> rails credentials:show won’t work. --environment must be used instead.)
How Rails behaves
Rails continues to use the 5.2-compatible files (config/master.key & config/credentials.yml.enc) in the absence of an environment-specific file.
If an environment-specific file is available, then that is used instead (and the default file is ignored – they are not merged). This is convenient when you want multiple environments, eg: development and test, to both use the same file. In this example, use the default file for those two environments, and then provide an environment-specific file for production only.
For reference, Rails will look in the following places for the master key for decryption:
And it will look for the actual encrypted credentials at these locations:
I recently started a new Rails 5.1 project. I wanted to try out webpacker, which is now at version 3. Turns out, the webpacker team has been working hard to simplify things and they’ve accomplished quite a bit. Most posts online talk about v1 or v2, and they include a lot more steps than are now necessary.
I’m busy upgrading several apps to Rails 4.0. As is to be expected, there are a few gotchas here and there. Most are documented somewhere… deep in a changelog… mixed in with dozens of other things that probably won’t bite you.
I’ve been posting some of my notes along the journey. This particular post will serve as a central reference point, a table of contents of sorts, and will just contain links to other posts. I’ll try to keep it updated as I add new posts.