Cheat Sheet for Working with Rails Encrypted Credentials

Feature thumb rails encrypted credentials

Starting in Rails 5.2+, the framework now comes with a built in way to encrypt configuration credentials and environment variables. In previous versions an application would need to use a tool such as dotenv or figaro, and you could NEVER include the variable values in version control for security reasons. However, now all of the credentials are encrypted, and a single master key can decrypt them. This means that your team can add the credentials to version control and share them with much more ease.

Below is a cheat sheet that shows the common commands needed to work with Rails encrypted credentials.

 

Editing Credentials

rails credentials:edit

This will use your default text editor to edit the file.

 

Generate a New Application Secret

rails secret

 

Flat Syntax

 

Nested Syntax

 

Querying Flat Keys

Rails.application.credentials.some_special_variable

=> "secretstuff"

 

Querying Nested Keys

Rails.application.credentials.production[:aws][:access_key_id]

=> "123"