How to solve error Missing secret key base for production environment Rails 4 1

Question

I created a Rails application  using Rails 4 1  from scratch and I am facing a strange problem that I am not able to solve   Every time I try to deploy my application on Heroku I get an error 500   Missing  secret key base  for  production  environment  set this value in  config secrets yml    The secret yml file contains the following configuration    secret key base   lt    ENV  SECRET KEY BASE     gt    On Heroku I configured the  SECRET KEY BASE  environment variable with the result of the rake secret command  If I launch heroku config  I can see the variable with the correct name and value   Why am I still getting this error

User · Answer

In my case  the problem was that config master key was not in version control  and I had created the project on a different computer   The default  gitignore that Rails creates excludes this file  Since it s impossible to deploy without having this file  it needs to be in version control  in order to be able to deploy from any team member s computer   Solution  remove the config master key line from  gitignore  commit the file from the computer where the project was created  and now you can git pull on the other computer and deploy from it   People are saying not to commit some of these files to version control  without offering an alternative solution  As long as you re not working on an open source project  I see no reason not to commit everything that s required to run the project  including credentials

User · Answer

While you can use initializers like the other answers  the conventional Rails 4 1  way is to use the config secrets yml  The reason for the Rails team to introduce this is beyond the scope of this answer but the TL DR is that secret token rb conflates configuration and code as well as being a security risk since the token is checked into source control history and the only system that needs to know the production secret token is the production infrastructure   You should add this file to  gitignore much like you wouldn t add config database yml to source control either   Referencing Heroku s own code for setting up config database yml from DATABASE URL in their Buildpack for Ruby  I ended up forking their repo and modified it to create config secrets yml from SECRETS KEY BASE environment variable   Since this feature was introduced in Rails 4 1  I felt it was appropriate to edit   lib language pack rails41 rb and add this functionality   The following is the snippet from the modified buildpack I created at my company   class LanguagePack  Rails41  lt  LanguagePack  Rails4             def compile     instrument  rails41 compile  do       super       allow git do         create secrets yml       end     end   end               writes ERB based secrets yml for Rails 4 1    def create secrets yml     instrument  ruby create secrets yml  do       log  create secrets yml   do         return unless File directory   config           topic  Writing config secrets yml to read from SECRET KEY BASE           File open  config secrets yml    w   do  file            file puts  lt  lt -SECRETS YML  lt   raise  No RACK ENV or RAILS ENV found  unless ENV  RAILS ENV      ENV  RACK ENV     gt    lt    ENV  RAILS ENV      ENV  RACK ENV     gt     secret key base   lt    ENV  SECRET KEY BASE     gt            SECRETS YML         end       end     end   end           end   You can of course extend this code to add other secrets  e g  third party API keys  etc   to be read off of your environment variable        lt    ENV  RAILS ENV      ENV  RACK ENV     gt     secret key base   lt    ENV  SECRET KEY BASE     gt    third party api key   lt    ENV  THIRD PARTY API     gt    This way  you can access this secret in a very standard way   Rails application secrets third party api key   Before redeploying your app  be sure to set your environment variable first    Then add your modified buildpack  or you re more than welcome to link to mine  to your Heroku app  see Heroku s documentation  and redeploy your app   The buildpack will automatically create your config secrets yml from your environment variable as part of the dyno build process every time you git push to Heroku   EDIT  Heroku s own documentation suggests creating config secrets yml to read from the environment variable but this implies you should check this file into source control  In my case  this doesn t work well since I have hardcoded secrets for development and testing environments that I d rather not check in

User · Answer

I have a patch that I ve used in a Rails 4 1 app to let me continue using the legacy key generator  and hence backwards session compatibility with Rails 3   by allowing the secret key base to be blank   Rails  Application class eval do     the key generator will then use ActiveSupport  LegacyKeyGenerator new config secret token    fail  I m sorry  Dave  there s no  validate secret key config   unless instance method  validate secret key config     def validate secret key config    nodoc      config secret token   secrets secret token     if config secret token blank        raise  Missing  secret token  for    Rails env   environment  set this value in  config secrets yml       end    end  end   I ve since reformatted the patch are submitted it to Rails as a Pull Request

User · Answer

this is works good https   gist github com pablosalgadom 4d75f30517edc6230a67 for root user should edit      etc profile   but if you non root should put the generate code in the following       bash profile       bash login       profile

User · Answer

I m going to assume that you do not have your secrets yml checked into source control  ie  it s in the  gitignore file    Even if this isn t your situation  it s what many other people viewing this question have done because they have their code exposed on Github and don t want their secret key floating around   If it s not in source control  Heroku doesn t know about it   So Rails is looking for Rails application secrets secret key base and it hasn t been set because Rails sets it by checking the secrets yml file which doesn t exist   The simple workaround is to go into your config environments production rb file and add the following line   Rails application configure do             config secret key base   ENV  SECRET KEY BASE           end   This tells your application to set the secret key using the environment variable instead of looking for it in secrets yml   It would have saved me a lot of time to know this up front

User · Answer

I had the same problem and solved it by creating an environment variable to be loaded every time I logged in to the production server  and made a mini-guide of the steps to configure it   I was using Rails 4 1 with Unicorn v4 8 2 and when I tried to deploy my application it didn t start properly and in the unicorn log file I found this error message   app error  Missing  secret key base  for  production  environment  set this value in  config secrets yml   RuntimeError    After some research I found out that Rails 4 1 changed the way to manage the secret key  so if you read the secrets yml file located at exampleRailsProject config secrets yml you ll find something like this     Do not keep production secrets in the repository    instead read values from the environment  production    secret key base   lt    ENV  SECRET KEY BASE     gt    This means that Rails recommends you to use an environment variable for the secret key base in your production server  In order to solve this error you should follow these steps to create an environment variable for Linux  in my case Ubuntu  in your production server    In the terminal of your production server execute     RAILS ENV production rake secret   This returns a large string with letters and numbers  Copy that  which we will refer to that code as GENERATED CODE  Login to your server   If you login as the root user  find this file and edit it     vi  etc profile   Go to the bottom of the file using Shift G  capital  G   in vi   Write your environment variable with the GENERATED CODE  pressing i to insert in vi  Be sure to be in a new line at the end of the file     export SECRET KEY BASE GENERATED CODE   Save the changes and close the file using Esc and then   x  and Enter for save and exit in vi  But if you login as normal user  let s call it  example user  for this gist  you will need to find one of these other files     vi    bash profile   vi    bash login   vi    profile   These files are in order of importance  which means that if you have the first file  then you wouldn t need to edit the others  If you found these two files in your directory    bash profile and    profile you only will have to write in the first one    bash profile  because Linux will read only this one and the other will be ignored   Then we go to the bottom of the file using Shift G again  and write the environment variable with our GENERATED CODE using  i again  and be sure add a new line at the end of the file     export SECRET KEY BASE GENERATED CODE   Having written the code  save the changes and close the file using Esc again and   x  and Enter to save and exit   You can verify that our environment variable is properly set in Linux with this command     printenv   grep SECRET KEY BASE   or with     echo  SECRET KEY BASE   When you execute this command  if everything went ok  it will show you the GENERATED CODE from before  Finally with all the configuration done you should be able to deploy without problems your Rails application with Unicorn or some other tool    When you close your shell and login again to the production server you will have this environment variable set and ready to use it   And that s it  I hope this mini-guide helps you solve this error   Disclaimer  I m not a Linux or Rails guru  so if you find something wrong or any error I will be glad to fix it

User · Answer

Add config secrets yml to version control and deploy again   You might need to remove a line from  gitignore so that you can commit the file     I had this exact same issue and it just turned out that the boilerplate  gitignore Github created for my Rails application included config secrets yml

User · Answer

I ve created config initializers secret key rb file and I wrote only following line of code   Rails application config secret key base   ENV  SECRET KEY BASE     But I think that solution posted by  Erik Trautman is more elegant     Edit  Oh  and finally I found this advice on Heroku  https   devcenter heroku com changelog-items 426     Enjoy

User · Answer

What I did   On my production server  I create a config file  confthin yml  for Thin  I m using it  and add the following information    environment  production user  www-data group  www-data SECRET KEY BASE  mysecretkeyproduction   I then launch the app with   thin start -C  whereeveristhefieonprod configthin yml   Work like a charm and then no need to have the secret key on version control   Hope it could help  but I m sure the same thing could be done with Unicorn and others

User · Answer

On Nginx Passenger Ruby  2 4  Rails  5 1 1  nothing else worked except    passenger env var in  etc nginx sites-available default in the server block    Source  https   www phusionpassenger com library config nginx reference  passenger env var

User · Answer

Demi Magus answer worked for me until Rails 5   On Apache2 Passenger Ruby  2 4  Rails  5 1 6   I had to put   export SECRET KEY BASE GENERATED CODE   from Demi Magus answer in  etc apache2 envvars  cause  etc profile seems to be ignored   Source  https   www phusionpassenger com library indepth environment variables html apache

User · Answer

You can export the secret keys to as environment variables on the    bashrc or    bash profile of your server   export SECRET KEY BASE    YOUR SECRET KEY    And then  you can source your  bashrc or  bash profile   source    bashrc  source    bash profile   Never commit your secrets yml

User · Answer

For rails6  I was facing the same problem  as I was missing following files  once I added them  the issue resolved   1  config master key 2  config credentials yml enc   Make sure you have this files

User · Answer

I had the same problem after I used the  gitignore file from https   github com github gitignore blob master Rails gitignore  Everything worked out fine after I commented the following lines in the  gitignore file   config initializers secret token rb config secrets yml

User · Answer

This worked for me   SSH into your production server and cd into your current directory  run bundle exec rake secret or rake secret  you will get a long string as an output  copy that string   Now run sudo nano  etc environment   Paste at the bottom of the file  export SECRET KEY BASE rake secret ruby -e  p ENV  SECRET KEY BASE      Where rake secret is the string you just copied  paste that copied string in place of rake secret   Restart the server and test by running echo  SECRET KEY BASE

[ruby-on-rails] How to solve error "Missing `secret_key_base` for 'production' environment" (Rails 4.1)

Examples related to ruby-on-rails

Examples related to ruby

Examples related to heroku

Examples related to ruby-on-rails-4