RAILS_MASTER_KEY environment variable not getting fetched

When trying to run fly deploy, it gives an error that the Rails encryption key is missing.

But I already have the secrets added to the app and it is mentioned below.

Can anyone please let me know why the Dockerfile is not picking up the secrets?

Build-time secrets are different from runtime secrets: Build-time secrets - #2 by fideloper-fly

See this for one solution: `fly deploy --remote-only` isn't reading Rails Credentials file from Github Actions, but works elsewhere - #3 by jsierles

Or, this for another: Secret docker build arguments - #5 by jsierles

@vigneshacker I had a problem where I tried to deploy an existing app to Fly.io. Upon first deployment, Fly creates a new RAILS_MASTER_KEY but this key is unable to decrypt anything, since my secrets were encrypted with a previously set key.

To manually set the one I previously set in my project, I had to run:

fly secrets set RAILS_MASTER_KEY=my-old-key

If that doesn’t do it, could you share logs?

Verify that your credentials are encoded using your current `config/master.key` using:

bin/rails credentials:show

You can see what RAILS_MASTER_KEY is deployed using:

$ fly ssh console -C env | grep RAILS_MASTER_KEY

If this doesn’t match the value in config/master.key, run:

fly secrets set RAILS_MASTER_KEY=$(cat config/master.key)
1 Like

I have created a custom build-arg and added an

# Need to pass --build-arg to pass the RAILS_MASTER_KEY
ARG RAILS_MASTER_KEY
ENV RAILS_MASTER_KEY=${RAILS_MASTER_KEY}

Then, during the deploy, I went with the code below:

fly deploy --remote-only --build-arg RAILS_MASTER_KEY=$(cat config/credentials/production.key)

2 Likes

Careful using --build-arg for sensitive data though, --build-secret exists for a reason (which Fly does support too).

Worth mentioning that you almost definitely don’t need the real value available at build time. For rails docker builds, I typically just set this to a placeholder value to make rails happy, and then set it to a real value at runtime, via fly secrets set.

The dockerfile usually has a line like this:

ENV RAILS_MASTER_KEY=fake
1 Like
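
The `--build-arg` Dockerfile from this thread next to the placeholder and `--build-secret` approach from the later replies, with a small check that flags the first and passes the second. This is an added example, not part of any post; the helper names `find_key_leaks` and `write_samples`, the `ruby:3.2-slim` base image and the `bin/rails assets:precompile` build step are assumptions, and both sample Dockerfiles are constructed.

```shell
# Added example: find_key_leaks / write_samples are hypothetical helper names.
# Print "N: instruction" for each Dockerfile line that stores RAILS_MASTER_KEY
# in the image (build args show in `docker history`, ENV in the image config).
# Exit status is 1 if anything was flagged, 0 if the file is clean.
find_key_leaks() {
  awk '
    function hit() { printf "%d: %s\n", NR, line; found = 1 }
    { line = $0; sub(/^[ \t]+/, "", line) }
    line ~ /^[Aa][Rr][Gg][ \t]+RAILS_MASTER_KEY([ \t=]|$)/ { hit(); next }
    line ~ /^[Ee][Nn][Vv][ \t]+RAILS_MASTER_KEY[ \t=]/ {
      val = line; sub(/^[A-Za-z]+[ \t]+RAILS_MASTER_KEY[ \t=]+/, "", val)
      if (val ~ /\$/) hit()   # ${...} copies a build arg in; "fake" is a literal
    }
    END { exit found + 0 }
  ' "$1"
}

# Write the two constructed sample Dockerfiles into directory $1.
write_samples() {
  cat > "$1/Dockerfile.buildarg" <<'EOF'
FROM ruby:3.2-slim
# Need to pass --build-arg to pass the RAILS_MASTER_KEY
ARG RAILS_MASTER_KEY
ENV RAILS_MASTER_KEY=${RAILS_MASTER_KEY}
RUN bin/rails assets:precompile
EOF
  cat > "$1/Dockerfile.secret" <<'EOF'
# syntax=docker/dockerfile:1
FROM ruby:3.2-slim
# Placeholder so Rails boots during the build; the real key comes at
# runtime from: fly secrets set RAILS_MASTER_KEY=<real key>
ENV RAILS_MASTER_KEY=fake
# Only if a build step needs the real key: mounted for this RUN, not stored.
# Deploy: fly deploy --build-secret RAILS_MASTER_KEY="$(cat config/master.key)"
RUN --mount=type=secret,id=RAILS_MASTER_KEY \
    RAILS_MASTER_KEY="$(cat /run/secrets/RAILS_MASTER_KEY)" \
    bin/rails assets:precompile
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in "$tmp"/Dockerfile.*; do
  echo "== ${f##*/}"
  find_key_leaks "$f" || echo "   ^ RAILS_MASTER_KEY would be stored in the image"
done
rm -rf "$tmp"
```

The check cannot tell a literal placeholder from a real key pasted into an `ENV` line, so it only flags `ARG` declarations and `ENV` values that expand a variable.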