-
Notifications
You must be signed in to change notification settings - Fork 21.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow assets:precompile to be run in a production build step without passing in RAILS_MASTER_KEY #46760
Conversation
This is useful when precompiling assets for production as part of a build step that otherwise does not need access to the production secrets.
* main: Remind of credentials diff enrollment on edit [docs] Code samples for postgres configs Silence credentials generator in app generator Let `initialize` not create an Array as its return value Reduce Array allocations in MimeNegotiation Trim trailing whitespace from *.md files Avoid unnecessary replacements when the node doesn't change Allow assets:precompile to be run in a production build step without passing in RAILS_MASTER_KEY (#46760)
Passing a dummy secret_key_base was exactly the way I fix same problem: # config/environments/production.rb
Rails.application.configure do
# ...
config.secret_key_base = ENV.fetch('SECRET_KEY_BASE')
# ...
end # Dockerfile
RUN SECRET_KEY_BASE=DummyValueToPassAssetsCompilation bundle exec rails assets:precompile |
@dhh This does not work when the
Is the recommendation now to disable |
Yeah, I don't think we want to make a liar about of that config. If you have a setup where you don't want to inject the master key during build (and use dummy key base), then you need to turn that off. |
When compiling assets in production as part of an image build step, it's inconvenient to have to pass in the real
RAILS_MASTER_KEY
. So allow passing in a dummy secret_key_base, just like we do in development and test, viaENV["SECRET_KEY_BASE_DUMMY"] = 1
. This will not give access to any of the real credentials or message verifiers, but allow the build step to complete, since it typically does not need it anyway.