Rails multi env credentials with Capistrano in production environment: How to set it up?

Question

How to set the RAILS_MASTER_KEY to production server?

i am using Capistrano to deploy (to a nginx/passenger) a rails 6 app (ruby 2.7.0). To let the production app access the credentials I am trying to provide it with the master.key I can get the key the local env (development) master key to the shared/config folder of the server. Still, deploying the app ultimately fails.

To get there :

• step 1 in the local environment, I generate a master key for the production environment and add the relevant variables. I have tried with the master key as well.
• step 2 I manually add that key to the server shared/config/master.key file

I get the following response from Capistrano deploy command:

ActiveSupport::EncryptedFile::MissingKeyError: Missing encryption key to decrypt file with. Ask your team for your master key and write it to /home/deploy/tribe/releases/20200130135612/config/credentials/production.key or put it in the ENV['RAILS_MASTER_KEY'].

Assuming this might be a timing issue, I am also updating the current/config folder with the same key and receive the same response.

Obviously I do not get the master key where it should.

the Capistrano link file task is the following

append :linked_files, "config/master.key"
set :linked_files, %w{config/master.key}

namespace :deploy do
  namespace :check do
    before :linked_files, :set_master_key do
      on roles(:app), in: :sequence, wait: 10 do
        unless test("[ -f #{shared_path}/config/master.key ]")
          upload! 'config/master.key', "#{shared_path}/config/master.key"
        end
      end
    end
  end
end

Answer 1

what I did is I added linked not just master.key but also production.key because log was complaining about production.key, not master

this is added in my deploy.rb

set :linked_files, %w{config/credentials/production.key}

now capistrano works and has no issues with secrets