ruby-on-railsrubyenvironment-variables

Challenges accessing/working with Rails credentials


I've been trying to access the API keys I set up in the Rails encrypted credentials. I added the keys to the file with Vim, and double checked they did save properly.

I added config.require_master_key = true to my test, development, and production files in config/environments.

But when I try to use one of the API keys, it returns nil.

I have the credentials set up like this:

# Used as the base secret for all MessageVerifiers in Rails, including the one protecting cookies.
secret_key_base: 1234567890

stripe:
  development:
    stripe_public_key: pk_test_1234567890
    stripe_secret_key: sk_test_1234567890

stripe:
  test:
    stripe_public_key: pk_test_1234567890
    stripe_secret_key: sk_test_1234567890
stripe:
  production:
    stripe_public_key: pk_live_1234567890
    stripe_secret_key: sk_live_1234567890

Then in the file I want to use it (new.html.erb) I'm trying to access the credentials within a script.

const stripe = Stripe("<%= Rails.application.credentials.stripe.stripe_public_key %>")

But it doesn't return anything.

I tried several other versions/syntax after digging through Stack Overflow and the Rails docs, but haven't gotten anything to work yet.

Also tried const stripe = Stripe("<%= Rails.application.credentials.stripe[Rails.env.to_sym][:stripe_public_key] %>") but no luck with that either.

When I run the server, and view the script in Chrome Dev Tools, it just shows as const stripe = Stripe("")

Worth noting that when I run rails credentials:show, the credentials are printed to the terminal correctly, so they do exist. I must just be accessing them incorrectly.


Solution

  • As @DennyMueller pointed out in the comments, the problem was that the 'stripe' key was overwritten in the file and only the last one ended up existing in the configuration.

    It's anyway useful to point out that this is not the way Rails expects to manage credentials that depend on environment. Instead, you should have separate files config/credentials/development.yml.enc and config/credentials/test.yml.enc, which are generated by running

    rails credentials:edit --environment development
    rails credentials:edit --environment test
    

    So each credentials file should not have the environment name as a key anywhere inside.