New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't load app environment when editing credentials #34789

Merged
merged 1 commit into from Jan 24, 2019

Conversation

Projects
None yet
2 participants
@christos
Copy link
Contributor

christos commented Dec 25, 2018

Summary

While evaluating multi-environment credentials, I came across a problem trying to create a new environment for my app.

Once you have created your first environment (e.g. development) you might start adding configuration in initialisers that tries to access encrypted credentials like so:

# config/initializers/sidekiq.rb
Sidekiq::Web.set :session_secret, Rails.application.credentials.secret_key_base!

That works fine when running rails credentials:edit --environment development

If you now decide to create a staging environment, doing rails credentials:edit --environment staging will fail with something similar to ...ordered_options.rb:49:in 'method_missing': :secret_key_base is blank (KeyError)

A great many gems that access 3rd party APIs use an initialiser for configuring credentials so the above situation is quite likely to occur.

I worked around the issue by creating a new empty Rails app, running rails credentials:edit --environment staging in it, and copying across the generated credential files.

This PR attempts to fix the issue by not loading the application environment for rails credentials:* commands.

I've added a test but I am not sure that it is correct (or sufficient) as I struggled to fully understand the railties test harness. Happy to try another way to test this.

Don't load app environment when editing credentials
This avoids missing key exceptions caused by code that tries to read the credentials before they have been added to the encrypted file, for example when editing the credentials for a new environment.

@rails-bot rails-bot bot added the railties label Dec 25, 2018

@kaspth kaspth merged commit 5f7d599 into rails:master Jan 24, 2019

1 of 2 checks passed

continuous-integration/travis-ci/pr The Travis CI build failed
Details
codeclimate All good!
Details
@kaspth

This comment has been minimized.

Copy link
Member

kaspth commented Jan 24, 2019

Lovely fix, thank you!

kaspth added a commit that referenced this pull request Jan 24, 2019

Merge pull request #34789 from christos/fix-editing-new-environment-c…
…redentials

Don't load app environment when editing credentials
@kaspth

This comment has been minimized.

Copy link
Member

kaspth commented Jan 24, 2019

Backported to 5-2-stable @ 4b6a24c

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment