11

My initial commit which I did on my workstation, ignored my config/master.key file. Now that I'm hundreds of miles away from my workstation, is there any way to generate a new master.key file using a cloned repo on my laptop?

Because I need it now.

Running

Rails 6.0.2.1

ruby 2.6.5p114 (2019-10-01 revision 67812) [x86_64-linux]

Ubuntu WSL on Windows 10

VSCODE

kometen
  • 6,536
  • 6
  • 41
  • 51
Maxxx
  • 363
  • 1
  • 6
  • 15

1 Answers1

14

My initial commit which I did on my workstation, ignored my config/master.key file.

This is correct behavior. config/master.key should not be checked in. It's a secret which should live in a separate secrets vault such as a shared password manager or something like Vault. Then you can store all the other application's secrets encrypted with that single key. If your code repository is compromised your secrets remain safe.

Review rails credentials:help.

If you're asking if you can create the same config/master.key, no. Such a back door would defeat the point. I'm afraid you're out of luck. Any secrets stored in the app should also be in your vault.

If you're asking if you can create a new config/master.key, yes. Delete config/master.key and config/credentials.yml.enc. Then run rails credentials:edit and it will make a new key and encrypted credentials file.

kometen
  • 6,536
  • 6
  • 41
  • 51
Schwern
  • 153,029
  • 25
  • 195
  • 336
  • And what's the downside if I should create a new one? – Maxxx Jan 30 '20 at 21:38
  • 2
    @Richard Since you're the only one working on the project, very few. If you don't care about the old credentials, just use the new key going forward. If you need to keep the old credentials, you'll have to merge them with your changes under the new key. This is a manual process, Git cannot merge the encrypted files. – Schwern Jan 30 '20 at 22:49