How to Solve Error "Missing 'Secret_Key_Base' For 'Production' Environment" (Rails 4.1)

How to solve error Missing `secret_key_base` for 'production' environment (Rails 4.1)

I had the same problem and solved it by creating an environment variable to be loaded every time I logged in to the production server, and made a mini-guide of the steps to configure it:

I was using Rails 4.1 with Unicorn v4.8.2 and when I tried to deploy my application it didn't start properly and in the unicorn.log file I found this error message:

app error: Missing `secret_key_base` for 'production' environment, set this value in `config/secrets.yml` (RuntimeError)

After some research I found out that Rails 4.1 changed the way to manage the secret_key, so if you read the secrets.yml file located at exampleRailsProject/config/secrets.yml you'll find something like this:

# Do not keep production secrets in the repository,
# instead read values from the environment.
production:
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>

This means that Rails recommends you to use an environment variable for the secret_key_base in your production server. In order to solve this error you should follow these steps to create an environment variable for Linux (in my case Ubuntu) in your production server:

1. In the terminal of your production server execute:

   $ RAILS_ENV=production rake secret
   

   This returns a large string with letters and numbers. Copy that, which we will refer to that code as GENERATED_CODE.

2. Login to your server

   • If you login as the root user, find this file and edit it:

     $ vi /etc/profile
     

     Go to the bottom of the file using Shift+G (capital "G") in vi.

     Write your environment variable with the GENERATED_CODE, pressing i to insert in vi. Be sure to be in a new line at the end of the file:

     $ export SECRET_KEY_BASE=GENERATED_CODE
     

     Save the changes and close the file using Esc and then ":x" and Enter for save and exit in vi.

   • But if you login as normal user, let's call it "example_user" for this gist, you will need to find one of these other files:

     $ vi ~/.bash_profile
     $ vi ~/.bash_login
     $ vi ~/.profile
     

     These files are in order of importance, which means that if you have the first file, then you wouldn't need to edit the others. If you found these two files in your directory ~/.bash_profile and ~/.profile you only will have to write in the first one ~/.bash_profile, because Linux will read only this one and the other will be ignored.

     Then we go to the bottom of the file using Shift+G again and write the environment variable with our GENERATED_CODE using i again, and be sure add a new line at the end of the file:

     $ export SECRET_KEY_BASE=GENERATED_CODE
     

     Having written the code, save the changes and close the file using Esc again and ":x" and Enter to save and exit.

3. You can verify that our environment variable is properly set in Linux with this command:

   $ printenv | grep SECRET_KEY_BASE
   

   or with:

   $ echo $SECRET_KEY_BASE
   

   When you execute this command, if everything went ok, it will show you the GENERATED_CODE from before. Finally with all the configuration done you should be able to deploy without problems your Rails application with Unicorn or some other tool.

When you close your shell and login again to the production server you will have this environment variable set and ready to use it.

And that's it! I hope this mini-guide helps you solve this error.

Disclaimer: I'm not a Linux or Rails guru, so if you find something wrong or any error I will be glad to fix it.

Rails: How to fix Missing secret_key_base for 'production' environment

Keep default the secrets.yml file

# config/secrets.yml
production:
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
  aws_secret: abcde
  some_password: abcdex

development:
  secret_key_base: static_secret_key
  aws_secret: abcde

test:
  secret_key_base: static_test_secret_key


#not_indented: key for all env in once
secret_key_base: global_key_for_all_env

RAILS_ENV=production SECRET_KEY_BASE=production_test_key rails c

---

If using Rails 5.2.0, add to production env below, check this LINK

config.require_master_key = true    #config/environments/production.rb

Missing `secret_key_base` for 'production' environment on Ubuntu 18.04 server (Rails 6.0), multiple topics tried

Rails 5.2 and later uses encrypted credentials for storing sensitive app's information, which includes secret_key_base by default. These credentials are encrypted with the key stored in master.key file. Git repository, generated by default Rails application setup, includes credentials.yml.enc but ignores master.key. After the deployment, which usually involves git push, Rails production environment should be augmented with this key some way.

So you have two options. You can securely upload master.key to production host via scp or sftp. Or you can establish shell environment variable RAILS_MASTER_KEY within the context of a user that runs rails server process. The former option is preferred, but as you have dotenv-rails gem installed, you'd create .env.production file under app's root and put there a line

RAILS_MASTER_KEY="your_master-key_content"

Don't forget to ensure that gem dotenv-rails isn't restricted within Gemfile by development and test Rails environments.

By the way since passenger module ver. 5.0.0 you can set shell environment variables right from nginx.conf

Missing `secret_key_base` for 'production' environment error on Heroku

Okay, I see what happened. Running heroku run bash and checking which files were deployed has been enlightening.

It is true that secrets.yml was not in the .gitignore file for my local repo, but it seems that someone--possibly malicious hackers, possibly gremlins--had added secrets.yml to my global .gitignore (.gitignore_global), and so this file was in fact not being pushed to Heroku.

I've removed the secrets file from my global .gitignore, offloaded the dev and test environment secret keys to dotenv for management, and can run my deployed app successfully.

I thought about deleting the question, but will leave it in case others run into this problem, or even a similar one where using heroku run bash may be helpful when diagnosing issues with apps on Heroku.

Missing `secret_key_base` for 'production' environment

It's expecting an environment variable that you can set either in your own code somewhere else, in your bash profile, or in a dotenv file.

See Is it possible to set ENV variables for rails development environment in my code? for more details.

Personally I just put all my sensitive stuff directly in secrets.yml and just keep that out of the repository since that seems to be the intended purpose of that file.

Missing secret_key_base for production environment - hosting a rails 4.1.4 app on heroku

When you deploy to Heroku, you're deploying via Git. Any files that aren't included in your git repository won't be pushed to your server. As a result, it doesn't matter what you have in your secrets.yml right now - it's not being deployed.

There's nothing wrong with committing configuration files or YAML files - the problem is in committing secrets. If you commit your API keys and passwords then you have to trust everyone with access to your source code. That's impossible if your code is on Github (because you don't trust everyone on earth with a computer), but is still a bad idea in a small company. You'll be far less stressed if someone leaves, loses their laptop, or gets infected with malware if they don't have production credentials on their machines.

You're already doing the right thing to avoid this. Using environment variables to configure your app keeps those secrets out of your repository, even if those configuration files are committed.

Unable to set secret_key_base for the production environment in Ruby on Rails 4.1.4 application running on Heroku

Add config/secrets.yml to version control and deploy again. You might need to remove a line from .gitignore so that you can commit the file.

.gitignore Github created for my Rails application included config/secrets.yml

---

OR

Follow this steps:

1. $ heroku config (run this command in your terminal)
2. Copy value from SECRET_KEY_BASE
3. paste value to secrets.yml file in place of <%= ENV["SECRET_KEY_BASE"] %> (without any quote)

e.g

production:
  secret_key_base: b1de60dd9e00816d0569c5ce3f8dbaa3c8ea4a7606120dc66cXXXXXXXXXXXXXXXXXXXXXX

4. re-deploy

Note: Actually this is not safe but in-case you just wanted to run your app temporary in production mode for testing or in emergency condition

I hope it works for you...

Rails missing SECRET_KEY_BASE in production

First, note that /etc/profile is only sourced when invoking an interactive login shell, so any variables set in this file wouldn't ever get run by a web-server daemon on startup, which is why it didn't work as expected in your attempt.

Since you're using Apache + Phusion Passenger, you can set application-specific environment variables within your Apache configuration files using the SetEnv option of mod_env.

Otherwise, you could set your environment variables from your application code by reading configuration on your application server's filesystem. You could use a gem like dotenv to automate this pattern.

See Phusion Passenger's documentation About Environment Variables: Passenger-Served Apps for a documentation reference.

---

Related Topics