DEV Community

Cover image for Rails encrypted credentials with docker compose
Sulman Baig
Sulman Baig

Posted on • Originally published at sulmanweb.com

Rails encrypted credentials with docker compose

Ruby on Rails 5.2 removed the simple secrets.yml file and replaced it with credentials.yml.enc. This file is encrypted, so it is easy to use in version control. To decrypt this encrypted file there is master.keyin config file which should not be included in version control.

Edit credentials file

Locally installed rails app credentials can be edited with following command

EDITOR=nano rails credentials:edit
Enter fullscreen mode Exit fullscreen mode

EDITOR tells which editor we want to use to edit credentials like some people love vim editor as well.

Sometimes ui-based editors don’t open this way. As we have to wait for the editor to open.

EDITOR="mate --wait" rails credentials:edit
Enter fullscreen mode Exit fullscreen mode

Multiple environments

Rails 6 allowed multiple files for different rails environments. For example, without dependency of environment are saved in config/credentials.yml.enc. But variable which are different for development environment are saved in config/credentials/development.yml.enc and decrypted with key config/credentials/development.key.

So editing for development can be called by:

EDITOR=nano rails credentials:edit --environment development
Enter fullscreen mode Exit fullscreen mode

For more info, visit: https://blog.saeloun.com/2019/10/10/rails-6-adds-support-for-multi-environment-credentials.html

Calling credentials edit in docker compose

When rails is not locally installed but inside a container, then to call a cli method inside a container is a bit different. I use the following command to update the credentials:

docker-compose run --rm -e EDITOR=nano api rails credentials:edit
Enter fullscreen mode Exit fullscreen mode

Here, api is the container name created with docker compose. Furthermore, --rm is being used because run creates a copy of the container, so it will remove the container volume after it is closed.

Happy Coding!

Top comments (0)