New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How to change master.key #32718

Closed
pdagrawal opened this Issue Apr 25, 2018 · 3 comments

Comments

Projects
None yet
4 participants
@pdagrawal
Copy link

pdagrawal commented Apr 25, 2018

Steps to reproduce

I have setup a new project and using Rails 5.2 and its encrypted credentials feature. But if my master.key file get compromised then how would I change it and should be able to use encrypted credentials with newly created master key.

Expected behavior

Should be able to renew master key by using previous master key just like we can change password with using current password.

Actual behavior

Unable to change master key

System configuration

Rails version:
5.2.0

Ruby version:
2.5.1p57

@y-yagi

This comment has been minimized.

Copy link
Member

y-yagi commented Apr 25, 2018

We do not offer the feature for that.
I think that can correspond by manually saving the contents of credentials as a temporary file and setting up credentials again.
Anyway, this is a feature request.

Please use the Rails Core mailing list for feature requests, where a wider community will be able to help you. We reserve the Rails issue tracker only for bugs in Rails. Thanks.

@y-yagi y-yagi closed this Apr 25, 2018

@mmhan

This comment has been minimized.

Copy link

mmhan commented Sep 22, 2018

I think that can correspond by manually saving the contents of credentials as a temporary file and setting up credentials again.

I'm not sure do that step "setting up credentials again", I couldn't find any credential related tasks in rails -T either

@Faizaankhan3

This comment has been minimized.

Copy link

Faizaankhan3 commented Oct 30, 2018

Regenerate key
Was your master key compromised? Do you want to generate new master.key?

Currently, there is no “edit password” feature, you need copy original content of the credentials, remove the enc files and regenerate fresh credentials file (source)

step 1 copy content of original credentials rails credentials:show
step 2 move your config/credentials.yml.enc and config/manter.key away (mv config/credentials.yml.enc ./tmp/ && mv config/master.key ./tmp/)
step 3 run EDITOR=vim rails credentials:edit
step 4 paste copied values from original credentials
step 5 save and commit config/credentials.yml.enc

@y-yagi kindly try to understand the problem before closing an issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment