Rails 4 Generate Secret Key Base

Posted on  by 

I am new to Rails 4, and do not understand the use of secretkeybase under config/secrets.yml in Rails 4. Can you please explain this concept? Also, when I am working in the production environment, I am prompted to set the secretkey with devise.rb, config.secretkey, and secretkeybase.

app error: Missing `secret_key_base` for 'production' environment, set this value in `config/secrets.yml` (RuntimeError)
Secret key indonesia
secret_key_base
So i was using Rails 4.1 with Unicorn v4.8.2 and when i tried to deploy my app it doesn't start properly and into the unicorn.log file i found this error message:
'app error: Missing `secret_key_base` for 'production' environment, set this value in `config/secrets.yml` (RuntimeError)'
After a little research i found that Rails 4.1 change the way to manage the secret_key, so if we read the secrets.yml file located at exampleRailsProject/config/secrets.yml (you need to replace 'exampleRailsProject' for your project name) you will find something like this:
# Do not keep production secrets in the repository,
# instead read values from the environment.
production:
secret_key_base: <%= ENV['SECRET_KEY_BASE'] %>
This means that rails recommends you to use an environment variable for the secret_key_base in our production server, so in order to solve this error you will need to follow this steps to create an environment variable for linux (in my case it is Ubuntu) in our production server:
1.- In the terminal of our production server you will execute the next command:
$ RAILS_ENV=production rake secret
This will give a large string with letters and numbers, this is what you need, so copy that (we will refer to that code as GENERATED_CODE).
2.1- Now if we login as root user to our server we will need to find this file and open it:
$ vi /etc/profile
Then we go to the bottom of the file ('SHIFT + G' for capital G in VI)
And we will write our environment variable with our GENERATED_CODE (Press 'i' key to write in VI), be sure to be in a new line at the end of the file:
export SECRET_KEY_BASE=GENERATED_CODE
Having written the code we save the changes and close the file (we push 'ESC' key and then write ':x' and 'ENTER' key for save and exit in VI)
2.2 But if we login as normal user, lets call it example_user for this gist, we will need to find one of this other files:
$ vi ~/.bash_profile
$ vi ~/.bash_login
$ vi ~/.profile
These files are in order of importance, that means that if you have the first file, then you wouldn't need to write in the others. So if you found this 2 files in your directory '~/.bash_profile' and '~/.profile' you only will have to write in the first one '~/.bash_profile', because linux will read only this one and the other will be ignored.
Then we go to the bottom of the file ('SHIFT + G' for capital G in VI)
And we will write our environment variable with our GENERATED_CODE (Press 'i' key to write in VI), be sure to be in a new line at the end of the file:
export SECRET_KEY_BASE=GENERATED_CODE
Having written the code we save the changes and close the file (we push 'ESC' key and then write ':x' and 'ENTER' key for save and exit in VI)
3.-We can verify that our environment variable is properly set in linux with this command:
$ printenv | grep SECRET_KEY_BASE
or with:
$ echo $SECRET_KEY_BASE
When you execute this command, if everything went ok, it will show you the GENERATED_CODE that we generated before. Finally with all the configuration done you can deploy without problems your Rails app with Unicorn or other.
Now when you close your shell terminal and login again to the production server you will have this environment variable set and ready to use it.
And Thats it!! i hope this mini guide help you to solve this error.
Disclaimer: i'm not a guru of linux or rails, so if you find something wrong or any error i will be glad to correct it!

commented Jan 7, 2015

Rails Generate Secret Key Base

(we push 'ESC' key and then write ':x' and 'ENTER' key for save and exit in VI)
when we going this way at this place ':x' and 'ENTER' for save and exit its demand the encrepted key
or not save exit

commented Aug 23, 2015

This is solution:

At your app inside application.rb add this line:

Key

commented Jul 13, 2016
edited

TY bro that fix my problem

zirexba commented on 22 Aug 2015
This is solution:

At your app inside application.rb add this line:

config.secret_key_base = 'blipblapblup'

commented Oct 28, 2016

config.secret_key_base = '<%= ENV['SECRET_KEY_BASE'] %>' is more secure

commented Jun 6, 2017

Add this line in config/environments/production.rb
config.secret_key_base = ENV['SECRET_KEY_BASE']

commented Dec 29, 2017
edited

commented Sep 18, 2018

Generate

config.secret_key_base = 'blipblapblup'

Thank you. Fixed here!

Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment
with_active_support.rb
require'cgi'
require'json'
require'active_support'
defverify_and_decrypt_session_cookie(cookie,secret_key_base)
cookie=CGI::unescape(cookie)
salt='encrypted cookie'
signed_salt='signed encrypted cookie'
key_generator=ActiveSupport::KeyGenerator.new(secret_key_base,iterations: 1000)
secret=key_generator.generate_key(salt)[0,ActiveSupport::MessageEncryptor.key_len]
sign_secret=key_generator.generate_key(signed_salt)
encryptor=ActiveSupport::MessageEncryptor.new(secret,sign_secret,serializer: JSON)
encryptor.decrypt_and_verify(cookie)
end
without_active_support.rb
require'openssl'
require'base64'
require'cgi'
require'json'
defverify_and_decrypt_session_cookiecookie,secret_key_base
cookie=CGI.unescape(cookie)
#################
# generate keys #
#################
encrypted_cookie_salt='encrypted cookie'# default: Rails.application.config.action_dispatch.encrypted_cookie_salt
encrypted_signed_cookie_salt='signed encrypted cookie'# default: Rails.application.config.action_dispatch.encrypted_signed_cookie_salt
iterations=1000
key_size=64
secret=OpenSSL::PKCS5.pbkdf2_hmac_sha1(secret_key_base,encrypted_cookie_salt,iterations,key_size)[0,OpenSSL::Cipher.new('aes-256-cbc').key_len]
sign_secret=OpenSSL::PKCS5.pbkdf2_hmac_sha1(secret_key_base,encrypted_signed_cookie_salt,iterations,key_size)
##########
# Verify #
##########
data,digest=cookie.split('--')
raise'invalid message'unlessdigestOpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new,sign_secret,data)
# you better use secure compare instead of `` to prevent time based attact,
# ref: ActiveSupport::SecurityUtils.secure_compare
###########
# Decrypt #
###########
encrypted_message=Base64.strict_decode64(data)
encrypted_data,iv=encrypted_message.split('--').map{|v| Base64.strict_decode64(v)}
cipher=OpenSSL::Cipher::Cipher.new('aes-256-cbc')
cipher.decrypt
cipher.key=secret
cipher.iv=iv
decrypted_data=cipher.update(encrypted_data)
decrypted_data << cipher.final
JSON.load(decrypted_data)
end

commented Mar 12, 2017

Lovely, thank you! 🎉

In line 10 of the first one, you use ActiveSupport::MessageEncryptor.key_len which does not exist in Rails 5.0.0. I substituted OpenSSL::Cipher.new('aes-256-cbc').key_len, which was 32 on my machine.

commented Jan 17, 2018

@erose You are right! I didn't realize that ActiveSupport::MessageEncryptor.key_len got added in 5.0.1!

http://api.rubyonrails.org/v5.0.0/classes/ActiveSupport/MessageEncryptor.html vs
http://api.rubyonrails.org/v5.0.1/classes/ActiveSupport/MessageEncryptor.html#method-c-key_len

commented Mar 15, 2018

For Rails 5.1 I needed to remove serializer: JSONhttps://gist.github.com/tadast/769541b7fb82b31466dc620af40fe362

commented Jul 1, 2018

How did you guys handle development where Rails.application.secrets.secret_key_base is nil?

commented Mar 31, 2020

Rails Generate Secret_key_base For Production

For what it's worth, this didn't work for me under rails 5.2.4, but here's what worked for me: https://gist.github.com/nevans/558b69f227c243f63552a6f91915424f

Rails 4 Generate Secret Key Base 2017

Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment

Coments are closed
Free Overwatch License Key Generator Crysis 1 Key Generator Download