Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate master.key even when require_master_key #45672

Merged
merged 1 commit into from Jul 28, 2022
Merged

Generate master.key even when require_master_key #45672

merged 1 commit into from Jul 28, 2022

Conversation

jonathanhefner
Copy link
Member

Prior to this commit, if config.require_master_key was set to true in config/application.rb, the credentials:edit command could not automatically generate a master key file:

# In config/application.rb
config.require_master_key = true
# No previously existing credentials
$ rm config/master.key config/credentials.yml.enc
$ bin/rails credentials:edit
activesupport/lib/active_support/encrypted_file.rb:118:in `handle_missing_key': Missing encryption key to decrypt file with. Ask your team for your master key and write it to config/master.key or put it in the ENV['RAILS_MASTER_KEY']. (ActiveSupport::EncryptedFile::MissingKeyError)

This commit adds a EncryptedFile#key? method that can be used to check for the existence of a key without raising MissingKeyError, and the credentials:edit command now uses this method:

$ bin/rails credentials:edit
Adding config/master.key to store the encryption key: ...

Save this in a password manager your team can access.

If you lose the key, no one, including you, can access anything encrypted with it.

      create  config/master.key

This commit also applies the same fix to the encrypted:edit command.

@jonathanhefner
Generate master.key even when require_master_key
1740b1f 
Prior to this commit, if `config.require_master_key` was set to true in
`config/application.rb`, the `credentials:edit` command could not
automatically generate a master key file:

  ```ruby
  # In config/application.rb
  config.require_master_key = true
  ```

  ```console
  # No previously existing credentials
  $ rm config/master.key config/credentials.yml.enc
  ```

  ```console
  $ bin/rails credentials:edit
  activesupport/lib/active_support/encrypted_file.rb:118:in `handle_missing_key': Missing encryption key to decrypt file with. Ask your team for your master key and write it to config/master.key or put it in the ENV['RAILS_MASTER_KEY']. (ActiveSupport::EncryptedFile::MissingKeyError)
  ```

This commit adds a `EncryptedFile#key?` method that can be used to check
for the existence of a key without raising `MissingKeyError`, and the
`credentials:edit` command now uses this method:

  ```console
  $ bin/rails credentials:edit
  Adding config/master.key to store the encryption key: ...

  Save this in a password manager your team can access.

  If you lose the key, no one, including you, can access anything encrypted with it.

        create  config/master.key
  ```

This commit also applies the same fix to the `encrypted:edit` command.
@jonathanhefner jonathanhefner merged commit 752b566 into rails:main Jul 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
activesupport railties
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@jonathanhefner