Missing `secret_key_base` for 'production' environment on Ubuntu 18.04 server (Rails 6.0), multiple topics tried
Rails 5.2 and later uses encrypted credentials for storing sensitive app's information, which includes secret_key_base
by default. These credentials are encrypted with the key stored in master.key
file. Git repository, generated by default Rails application setup, includes credentials.yml.enc
but ignores master.key
. After the deployment, which usually involves git push
, Rails production environment should be augmented with this key some way.
So you have two options. You can securely upload master.key
to production host via scp
or sftp
. Or you can establish shell environment variable RAILS_MASTER_KEY
within the context of a user that runs rails server
process. The former option is preferred, but as you have dotenv-rails
gem installed, you'd create .env.production
file under app's root and put there a line
RAILS_MASTER_KEY="your_master-key_content"
Don't forget to ensure that gem dotenv-rails
isn't restricted within Gemfile
by development and test Rails environments.
By the way since passenger
module ver. 5.0.0 you can set shell environment variables right from nginx.conf
run rake secret
in your local machine and this will generate a key for you
make config/secrets.yml
file
add the generated secret key here
production: secret_key_base: asdja1234sdbjah1234sdbjhasdbj1234ahds…
and redeploy the application after commiting
i had the same issue and resolved by this method.
It would be more secure to generate your key on the server and use it there, rather than push it to your repo from a local machine.
Instead of ~/.bashrc
do this for using environment variables;
- As
root
user, navigate to the#
directory (can probably just usecd ..
) - Enter
nano home/<yourAppUser>/.bash_profile
to navigate to (and create) the file to store theENV
- As you have already, just write this in the file:
export SECRET_KEY_BASE="GENERATED_KEY_1"
You can store your database password here as well.