[英]Rails: How to fix “Missing secret_key_base for 'production' environment”
I simply can't get past the message:我根本无法通过消息:
Missing `secret_key_base` for 'production' environment, set this string with `rails credentials:edit` (ArgumentError)
I have Rails 5.2.0, and ran我有 Rails 5.2.0,然后跑了
EDITOR=vim rails credentials:edit
and inside:和里面:
production:
secret_key_base: xxxxxxxxxxxxxxxxxxxxxxx
Save and, in the terminal:保存并在终端中:
RAILS_ENV=production rails c
Am I missing something?我错过了什么吗? I've restarted the server and got the same issue, but have no issue in development mode.
我重新启动了服务器并遇到了同样的问题,但在开发模式下没有问题。
Keep default the secrets.yml
file保持默认
secrets.yml
文件
# config/secrets.yml
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
development:
secret_key_base: static_secret_key
test:
secret_key_base: static_test_secret_key
#not_indented: key for all env in once
secret_key_base: global_key_for_all_env
RAILS_ENV=production SECRET_KEY_BASE=production_test_key rails c
If using Rails 5.2.0, add to production env below, check thisLINK如果使用 Rails 5.2.0,添加到下面的生产环境,检查这个链接
config.require_master_key = true #config/environments/production.rb
Rails 5.2.0 requires an extra stage for the production environment: Rails 5.2.0 需要一个额外的生产环境阶段:
config.require_master_key = true # in config/environments/production.rb
Without it, Rails still falls back to the legacy secret.yml
mechanism (for now).没有它,Rails 仍然会回退到遗留的
secret.yml
机制(目前)。
Engine Yard's Christopher Rigor has written a concise post on it . Engine Yard 的 Christopher Rigor 写了一篇简明的文章。 The relevant piece:
相关部分:
Reading the Credentials
阅读凭据
If you want to use the credentials in the production environment, add the following to
config/environments/production.rb
如果要在生产环境中使用凭据,请将以下内容添加到
config/environments/production.rb
config.require_master_key = true
A good read to also see up and down sides.一个很好的阅读也可以看到上下两面。
Note: As @TomDogg found out, Rails 5.2.1 seems again different, so this answer may only apply to 5.2.0.注意:正如@TomDogg 发现的那样,Rails 5.2.1 似乎再次不同,所以这个答案可能只适用于 5.2.0。
config/credentials.yml.enc:配置/凭证.yml.enc:
development:
some_username: XXXXXXXXX
some_password: YYYYYYYYY
test:
some_username: XXXXXXXXX
some_password: YYYYYYYYY
production:
some_username: XXXXXXXXX
some_password: YYYYYYYYY
secret_key_base: ZZZZZZZZZ
# `secret_key_base:` must NOT be indented !
# It must be put at the very start of a new line.
# There is also no need for it in development or test environment,
# since there are no attacks to be expected.
Also make sure that you respect all YAML indention rules (ie 2 spaces only) as failing to do so my make loading of this file fail silently.还要确保您遵守所有 YAML 缩进规则(即仅 2 个空格),因为未能这样做,因此我对此文件的加载会以静默方式失败。
There are no production:
development:
and test:
environment tags in the credentials file.凭证文件中没有
production:
development:
和test:
环境标签。 Further information in this DHH's post: https://github.com/rails/rails/pull/30067此 DHH 帖子中的更多信息: https : //github.com/rails/rails/pull/30067
So write directly所以直接写
secret_key_base: xxxxxxxxxxxxxxxxxxxxxxx
Please don't confuse master key with the secret key base.请不要将主密钥与秘密密钥库混淆。 The master key is used to open the credentials encrypted file.
主密钥用于打开凭据加密文件。
Switching back to the previous secrets system should not be the solution, nor the accepted answer.切换回以前的秘密系统不应该是解决方案,也不是公认的答案。
Secret_key_base isn't properly setting. Secret_key_base 设置不正确。 It's a known issue not getting enough attention: https://github.com/rails/rails/issues/32947
这是一个没有得到足够重视的已知问题: https : //github.com/rails/rails/issues/32947
Generate the keys with:生成密钥:
EDITOR=vim rails credentials:edit
Record the key.记录密钥。 Save in
config/master.key
.保存在
config/master.key
。
SECRET_KEY_BASE=`cat config/master.key` bin/rails assets:precompile
This is the solution I came to.这是我来的解决方案。 I really don't like how I've been forced to put it though an environment variable.
我真的不喜欢我被迫将它放在环境变量中的方式。 If someone has more information to bring to my attention on how master.key and such work, please do comment.
如果有人有更多关于 master.key 和此类工作的信息要引起我的注意,请发表评论。
Avoid putting secret_key_base under environment tag.避免将 secret_key_base 放在环境标签下。 Put it above it.
把它放在上面。
This is wrong:这是错误的:
production:
secret_key_base: xxxxxxxxxxxxxxxxxxxxxxx
some_other_key: xxx
Try this instead:试试这个:
secret_key_base: xxxxxxxxxxxxxxxxxxxxxxx
production:
some_other_key: xxx
I experienced this same issue when working on a Rails 5.2 application in production.在生产中处理 Rails 5.2 应用程序时,我遇到了同样的问题。
I already had other things set up.我已经设置了其他东西。 The problem for me was not that the
secret_key_base
wasn't set properly, it was rather because of the Passing the environment's name as a regular argument like below is deprecated对我来说,问题不是
secret_key_base
设置不正确,而是因为不推荐将环境名称作为常规参数传递,如下所示
rails c RAILS_ENV=production
If you look at your error log generated closely from its top you will see this:如果您仔细查看从顶部生成的错误日志,您会看到:
DEPRECATION WARNING: Passing the environment's name as a regular argument is deprecated and will be removed in the next Rails version.
弃用警告:不推荐将环境名称作为常规参数传递,并将在下一个 Rails 版本中删除。 Please, use the -e option instead.
请改用 -e 选项。 (called from at bin/rails:9)
(从 bin/rails:9 调用)
To run the rails console in a different environment, use the -e option like this:要在不同的环境中运行 rails 控制台,请使用 -e 选项,如下所示:
rails console -e production
Note : Setting the secret_key_base
in the secrets.yml
file is not safe, as it's not a secure way of storing the key, please use the encrypted credential.yml
file and the master key
to decrypt it.注:设置
secret_key_base
在secrets.yml
文件并不安全,因为它不是存储密钥的安全方式,请使用加密credential.yml
文件和master key
进行解密。
That's all.就这样。
I hope this helps我希望这有帮助
I ran into this problem when deploying my rails app to dokku using a Dockerfile.我在使用 Dockerfile 将 Rails 应用程序部署到 dokku 时遇到了这个问题。 My solution:
我的解决方案:
the file config/secrets.yml
references an environment variable:文件
config/secrets.yml
引用了一个环境变量:
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
I need to set this variable using the dokku command line (either directly on the server, or using the dokku-cli gem on my development machine):我需要使用 dokku 命令行设置这个变量(直接在服务器上,或者在我的开发机器上使用 dokku-cli gem):
dokku config:set SECRET_KEY_BASE=blalbalblablahblablah
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.