How to solve error Missing `secret_key_base` for 'production' environment (Rails 4.1)
I had the same problem and solved it by creating an environment variable to be loaded every time I logged in to the production server, and made a mini-guide of the steps to configure it:
I was using Rails 4.1 with Unicorn v4.8.2 and when I tried to deploy my application it didn't start properly and in the unicorn.log
file I found this error message:
app error: Missing `secret_key_base` for 'production' environment, set this value in `config/secrets.yml` (RuntimeError)
After some research I found out that Rails 4.1 changed the way to manage the secret_key
, so if you read the secrets.yml
file located at exampleRailsProject/config/secrets.yml
you'll find something like this:
# Do not keep production secrets in the repository,
# instead read values from the environment.
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
This means that Rails recommends you to use an environment variable for the secret_key_base
in your production server. In order to solve this error you should follow these steps to create an environment variable for Linux (in my case Ubuntu) in your production server:
In the terminal of your production server execute:
$ RAILS_ENV=production rake secret
This returns a large string with letters and numbers. Copy that, which we will refer to that code as
GENERATED_CODE
.Login to your server
If you login as the root user, find this file and edit it:
$ vi /etc/profile
Go to the bottom of the file using Shift+G (capital "G") in vi.
Write your environment variable with the
GENERATED_CODE
, pressing i to insert in vi. Be sure to be in a new line at the end of the file:$ export SECRET_KEY_BASE=GENERATED_CODE
Save the changes and close the file using Esc and then "
:x
" and Enter for save and exit in vi.But if you login as normal user, let's call it "
example_user
" for this gist, you will need to find one of these other files:$ vi ~/.bash_profile
$ vi ~/.bash_login
$ vi ~/.profileThese files are in order of importance, which means that if you have the first file, then you wouldn't need to edit the others. If you found these two files in your directory
~/.bash_profile
and~/.profile
you only will have to write in the first one~/.bash_profile
, because Linux will read only this one and the other will be ignored.Then we go to the bottom of the file using Shift+G again and write the environment variable with our
GENERATED_CODE
using i again, and be sure add a new line at the end of the file:$ export SECRET_KEY_BASE=GENERATED_CODE
Having written the code, save the changes and close the file using Esc again and "
:x
" and Enter to save and exit.
You can verify that our environment variable is properly set in Linux with this command:
$ printenv | grep SECRET_KEY_BASE
or with:
$ echo $SECRET_KEY_BASE
When you execute this command, if everything went ok, it will show you the
GENERATED_CODE
from before. Finally with all the configuration done you should be able to deploy without problems your Rails application with Unicorn or some other tool.
When you close your shell and login again to the production server you will have this environment variable set and ready to use it.
And that's it! I hope this mini-guide helps you solve this error.
Disclaimer: I'm not a Linux or Rails guru, so if you find something wrong or any error I will be glad to fix it.
Rails: How to fix Missing secret_key_base for 'production' environment
Keep default the secrets.yml
file
# config/secrets.yml
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
aws_secret: abcde
some_password: abcdex
development:
secret_key_base: static_secret_key
aws_secret: abcde
test:
secret_key_base: static_test_secret_key
#not_indented: key for all env in once
secret_key_base: global_key_for_all_env
RAILS_ENV=production SECRET_KEY_BASE=production_test_key rails c
If using Rails 5.2.0, add to production env below, check this LINK
config.require_master_key = true #config/environments/production.rb
Missing `secret_key_base` for 'production' environment on Ubuntu 18.04 server (Rails 6.0), multiple topics tried
Rails 5.2 and later uses encrypted credentials for storing sensitive app's information, which includes secret_key_base
by default. These credentials are encrypted with the key stored in master.key
file. Git repository, generated by default Rails application setup, includes credentials.yml.enc
but ignores master.key
. After the deployment, which usually involves git push
, Rails production environment should be augmented with this key some way.
So you have two options. You can securely upload master.key
to production host via scp
or sftp
. Or you can establish shell environment variable RAILS_MASTER_KEY
within the context of a user that runs rails server
process. The former option is preferred, but as you have dotenv-rails
gem installed, you'd create .env.production
file under app's root and put there a line
RAILS_MASTER_KEY="your_master-key_content"
Don't forget to ensure that gem dotenv-rails
isn't restricted within Gemfile
by development and test Rails environments.
By the way since passenger
module ver. 5.0.0 you can set shell environment variables right from nginx.conf
Missing `secret_key_base` for 'production' environment error on Heroku
Okay, I see what happened. Running heroku run bash
and checking which files were deployed has been enlightening.
It is true that secrets.yml
was not in the .gitignore
file for my local repo, but it seems that someone--possibly malicious hackers, possibly gremlins--had added secrets.yml
to my global .gitignore (.gitignore_global
), and so this file was in fact not being pushed to Heroku.
I've removed the secrets file from my global .gitignore, offloaded the dev and test environment secret keys to dotenv for management, and can run my deployed app successfully.
I thought about deleting the question, but will leave it in case others run into this problem, or even a similar one where using heroku run bash
may be helpful when diagnosing issues with apps on Heroku.
Missing `secret_key_base` for 'production' environment
It's expecting an environment variable that you can set either in your own code somewhere else, in your bash profile, or in a dotenv file.
See Is it possible to set ENV variables for rails development environment in my code? for more details.
Personally I just put all my sensitive stuff directly in secrets.yml and just keep that out of the repository since that seems to be the intended purpose of that file.
Missing secret_key_base for production environment - hosting a rails 4.1.4 app on heroku
When you deploy to Heroku, you're deploying via Git. Any files that aren't included in your git repository won't be pushed to your server. As a result, it doesn't matter what you have in your secrets.yml
right now - it's not being deployed.
There's nothing wrong with committing configuration files or YAML files - the problem is in committing secrets. If you commit your API keys and passwords then you have to trust everyone with access to your source code. That's impossible if your code is on Github (because you don't trust everyone on earth with a computer), but is still a bad idea in a small company. You'll be far less stressed if someone leaves, loses their laptop, or gets infected with malware if they don't have production credentials on their machines.
You're already doing the right thing to avoid this. Using environment variables to configure your app keeps those secrets out of your repository, even if those configuration files are committed.
Unable to set secret_key_base for the production environment in Ruby on Rails 4.1.4 application running on Heroku
Add config/secrets.yml
to version control and deploy again. You might need to remove a line from .gitignore
so that you can commit the file.
.gitignore
Github created for my Rails application included config/secrets.yml
OR
Follow this steps:
- $
heroku config
(run this command in your terminal) - Copy value from
SECRET_KEY_BASE
- paste value to
secrets.yml
file in place of<%= ENV["SECRET_KEY_BASE"] %>
(without any quote)
e.g
production:
secret_key_base: b1de60dd9e00816d0569c5ce3f8dbaa3c8ea4a7606120dc66cXXXXXXXXXXXXXXXXXXXXXX
- re-deploy
Note: Actually this is not safe but in-case you just wanted to run your app temporary in production mode for testing or in emergency condition
I hope it works for you...
Rails missing SECRET_KEY_BASE in production
First, note that /etc/profile
is only sourced when invoking an interactive login shell, so any variables set in this file wouldn't ever get run by a web-server daemon on startup, which is why it didn't work as expected in your attempt.
Since you're using Apache + Phusion Passenger, you can set application-specific environment variables within your Apache configuration files using the SetEnv
option of mod_env
.
Otherwise, you could set your environment variables from your application code by reading configuration on your application server's filesystem. You could use a gem like dotenv
to automate this pattern.
See Phusion Passenger's documentation About Environment Variables: Passenger-Served Apps for a documentation reference.
Related Topics
How to Check If a Value Exists in an Array in Ruby
How to Use the Conditional Operator (? :) in Ruby
How to Generate a Random String in Ruby
What's the Difference Between Ruby'S Dup and Clone Methods
Why Doesn't Ruby Support Method Overloading
Optional Argument After Splat Argument
Require': Cannot Load Such File - 'Nokogiri\Nokogiri' (Loaderror) When Running 'Rails Server'
Method to Parse HTML Document in Ruby
How to Generate a List of N Unique Random Numbers in Ruby
To_D to Always Return 2 Decimals Places in Ruby
How to Understand Nil Vs. Empty Vs. Blank in Ruby
How to Sort an Array in Descending Order in Ruby
No Such File to Load - Rubygems (Loaderror)
Is There an Efficient Way to Perform Hundreds of Text Substitutions in Ruby
Rails 5: Activerecord or Query
How to Fix "Your Ruby Version Is 1.9.3, But Your Gemfile Specified 2.0.0"