How can I use Rails 5.2 credentials in capistrano's deploy.rb file?

Question

I've just updated my Rails app to 5.2, and configured it to use the new config/credentials.yml.enc file.

When I try to deploy, I get this error:

NameError: uninitialized constant Rails
/Users/me/Documents/project/config/deploy.rb:27:in `<top (required)>'

That's pointing to this line in my config/deploy.rb file:

set :rollbar_token, Rails.application.credentials[:rollbar_token]

So it appears that while capistrano is running, it doesn't have access to Rails.application.credentials .

How are you all handling this? I've got some ideas...

• Set this one variable as an ENV variable
  • I don't love how this separates/customizes this one setting
• Somehow make it so capistrano has access to Rails.application.credentials
  • I don't know if this is a good idea or if there are other things I need to be aware of if I go this route
• Remove deploy tracking in rollbar
  • 🤷‍♂️

Answer 1

Put the following line(s) on top of your config/deploy.rb

# config/deploy.rb
require File.expand_path("./environment", __dir__)

This include make constants like Rails.application accessible in files like config/deploy/production.rb . Now things like the following are possible:

# config/deploy/staging.rb
server "production.lan", user: "production", roles: %w{app db web}
set :stage, :production
set :branch, "development"
set :pg_password, Rails.application.credentials[:staging][:postgres][:password]

Answer 2

1. Upload master.key the file on the server (user read-only) like so:

namespace :setup do
  desc "setup: copy config/master.key to shared/config"
  task :copy_linked_master_key do
    on roles(fetch(:setup_roles)) do
      sudo :mkdir, "-pv", shared_path
      upload! "config/master.key", "#{shared_path}/config/master.key"
      sudo :chmod, "600", "#{shared_path}/config/master.key"
    end
  end
  before "deploy:symlink:linked_files", "setup:copy_linked_master_key"
end

Put it in your lib/capistrano/tasks/setup.rake

2. Ensure file is linked

In deploy.rb :

set :linked_files, fetch(:linked_files, []).push("config/master.key")

3. Ensure Capfile loads the task:

Make sure your Capfile has the line

# Load custom tasks from `lib/capistrano/tasks` if you have any defined
Dir.glob("lib/capistrano/tasks/*.rake").each { |r| import r }

Answer 3

我解决了如下问题：

set :rollbar_token, YAML.load(`rails credentials:show`)['rollbar_token']

Answer 4

require File.expand_path("./environment", __dir__)
puts App::Application.credentials.rollbar_token

Answer 5

The way I solve this is to declare a $ROLLBAR_ACCESS_TOKEN environment variable on the server. I place it at the top of ~deployer/.bashrc like this:

export ROLLBAR_ACCESS_TOKEN=...

Then I integrate with Capistrano by defining this task:

task :set_rollbar_token do
  on release_roles(:all).first do
    set :rollbar_token, capture("echo $ROLLBAR_ACCESS_TOKEN").chomp
  end
end

before "rollbar:deploy", "set_rollbar_token"

Answer 6

It seemed to me non-ideal to load the whole of Rails here, or to have to read command line output, so here's an alternative solution:

require "active_support/encrypted_configuration"
require "active_support/core_ext/hash/keys"

module CredentialLoader
  def read_credentials(environment:)
    YAML.load(
      ActiveSupport::EncryptedConfiguration.new(
        config_path: "config/credentials/#{environment}.yml.enc",
        key_path: "config/credentials/#{environment}.key",
        env_key: environment.to_s,
        raise_if_missing_key: true
      ).read
    )   
  end 
end

Then you can do this in your deploy.rb :

include CredentialLoader
set :rollbar_token, read_credentials(environment: fetch(:stage))["rollbar_access_token"]