Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

{:system, "SECRET_KEY_BASE"} not working for cookie key generation #1033

Closed
matthewlehner opened this issue Jul 20, 2015 · 5 comments
Closed

{:system, "SECRET_KEY_BASE"} not working for cookie key generation #1033

matthewlehner opened this issue Jul 20, 2015 · 5 comments

Comments

@matthewlehner
Copy link
Contributor

I ran into this problem trying to deploy to Heroku and followed the directions from the guide explicitly.

Request: GET /articles/new
Server: phoenix-env-errors.herokuapp.com:80 (http)
** (exit) an exception was raised:
    ** (ArgumentError) argument error
        (crypto) :crypto.sha256_mac_nif({:system, "SECRET_KEY_BASE"}, <<113, 81, 99, 88, 119, 102, 70, 80, 0, 0, 0, 1>>, 32)
        (crypto) crypto.erl:1029: :crypto.sha256_mac/3
        (plug) lib/plug/crypto/key_generator.ex:61: Plug.Crypto.KeyGenerator.generate/7
        (plug) lib/plug/crypto/key_generator.ex:47: Plug.Crypto.KeyGenerator.with_cache/3
        (plug) lib/plug/session/cookie.ex:95: Plug.Session.COOKIE.put/4
        (plug) lib/plug/session.ex:89: anonymous fn/3 in Plug.Session.before_send/2
        (elixir) lib/enum.ex:1261: Enum."-reduce/3-lists^foldl/2-0-"/3
        (plug) lib/plug/conn.ex:806: Plug.Conn.run_before_send/2

The SECRET_KEY_BASE is set in config/prod.exs like this:

config :heroku_test, HerokuTest.Endpoint,
  secret_key_base: {:system, "SECRET_KEY_BASE"}

Changing from the tuple to System.get_env/1 makes everything work again, but the Heroku guide specifically says:

Note: the use of a tuple instead of a call to System.get_env/1 is a workaround for releases so that the environment variables are referenced at runtime when using releases. You can read more about it here.

I've prepared a basic Phoenix app, following the Heroku guide directions explicitly to demonstrate the issue: matthewlehner/heroku-phoenix-env-test

It's deployed here: https://phoenix-env-errors.herokuapp.com/

I'm not 100% sure that this is the case, but I'd assume that passing the tuple to the Erlang crypto lib in Plug.Crypto.KeyGenerator is what's causing the problem, but unfortunately I'm too new to Elixir to have a good understanding of what's happening here beyond that.
@matthewlehner matthewlehner mentioned this issue Jul 20, 2015
Closed
@gjaldon
Copy link
Contributor

gjaldon commented Jul 20, 2015

@matthewlehner System.get_env/1 is what you are supposed to use. Using {:system, "SECRET_KEY_BASE"} is a workaround for releases as mentioned in the Heroku guide that you pointed out in your above post. Erlang Releases are another way of doing deployments for your Phoenix app.

Looks like an error in the guides. Will edit it! :)

@ericmj
Copy link
Contributor

ericmj commented Jul 20, 2015

The guide is confusing because we don't do releases on Heroku.

@lancehalvorsen
Copy link
Member

Thanks @gjaldon for your quick work! I just merged your PR and pushed the changes to the live site.

@gjaldon
Copy link
Contributor

gjaldon commented Jul 20, 2015

My pleasure, @lancehalvorsen. :)

@matthewlehner
Copy link
Contributor Author

Thanks for the clarification everyone! 👍
This is now clarified by phoenixframework/phoenix_guides#325

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@matthewlehner @ericmj @lancehalvorsen @gjaldon