Dennis Hackethal’s Blog

My blog about coding, philosophy, and anything else that interests me.

Using Rails Production Credentials with Heroku

Ruby on Rails offers a credentials feature to store secret information in your repository. The keys Rails creates are added to the .gitignore file, but any secret information itself is encrypted and can be checked into git. There’s more info on credentials here.

I found myself confronted with the specific problem of how to use these credentials in Heroku. If you’re using only a master key and store your credentials in config/credentials.ymc.enc, that’s easy: you just set an environment variable in Heroku called RAILS_MASTER_KEY to the contents of your config/master.key file.

But what if you use separate credential files for each environment? Then the master key won’t do. You’ll need to use the production key in config/credentials/production.key. This key is likewise ignored by git—which you want, for security reasons—so you somehow have to tell Heroku about the production key, presumably also through an environment variable.

First, I tried setting an environment variable called RAILS_PRODUCTION_KEY. But that didn’t work. Then I found the answer in this question: you simply set the environment variable called RAILS_MASTER_KEY to your production key. That’s how you “trick” Heroku into using your production key as a master key and make credentials work in Heroku if you’re using a separate credential file for your production environment.


What people are saying

What are your thoughts?

Markdown supported. cmd + enter to submit. You are responsible for what you write.