Replies: 15 comments 15 replies
-
https://github.com/bkeepers/dotenv explicitly discusses that the original intention of the Gem is to be used on development + test, but not in production. It seems it CAN be used in production, but that wans't the original intention. MRSK makes What is confusing is generally, it is advised against to put your master key into source control -- this is the whole point of having environment variables separated from the source code. So, what do I do? I could see two ways forward: (1) put my rails master key into (2) if using a |
Beta Was this translation helpful? Give feedback.
-
cc: @driftingruby — I'm not sure if this problem is related to MRSK or the Dockerfile which I had copied from your site https://www.driftingruby.com/episodes/deploying-with-mrsk |
Beta Was this translation helpful? Give feedback.
-
I tried adding this but it didn't work as expected
ERROR: failed to solve: failed to compute cache key: failed to calculate checksum of ref iu1slb3t4migzukxu8utkd59t::wo21gohuj7e7t4qunsw6t9nfs: "/config/master.key": not found am I going down the wrong path here? |
Beta Was this translation helpful? Give feedback.
-
@driftingruby says the Dockerfile which I had copied into my Rails 7.0.4 app originally came from here in Rails 7.1 |
Beta Was this translation helpful? Give feedback.
-
if I have
if I COMMENT OUT `config.require_master_key = true in production.rb, the error is instead this:
Either way, if I run
|
Beta Was this translation helpful? Give feedback.
-
tested on MRSK 0.12.0, same results |
Beta Was this translation helpful? Give feedback.
-
next step:
|
Beta Was this translation helpful? Give feedback.
-
I managed to work around this by supplying my master key during build like so RUN --mount=type=secret,id=RAILS_MASTER_KEY \
RAILS_MASTER_KEY=$(cat /run/secrets/RAILS_MASTER_KEY) ./bin/rails assets:precompile And builder:
secrets:
- RAILS_MASTER_KEY There are likely some security concerns with this so looking forward to Rails 7.1 but until then, this works for me. |
Beta Was this translation helpful? Give feedback.
-
this was happening because I was attempting to use
I think the
If I'm setting this up on Rails 7.0 (which I am), someone on stack overflow showed me a way to pass the master key into the Dockerfile as an builder argument... I think that's the solution for Rails 7.0 and for Rails 7.1 the solution is will test again this morning and update here. Closing for now. |
Beta Was this translation helpful? Give feedback.
-
~The precompile line in Dockerfile should be ~
This will create the ENV based on the arg MRSK passes when running the container. For Rails 7.1 Use the newly introduced SECRET_KEY_BASE_DUMMY=1 which tells the precompile step to bypass the secret key base while precompiling. cross-posted to SO |
Beta Was this translation helpful? Give feedback.
-
@jasonfb This is true brand new rails apps, but if somebody is on rails 7.1 and has initializers in the transitional way of requiring credentials without a if guard statement to prevent the initialization if RAILS_MASTER_KEY isn't present they will run into the same error. |
Beta Was this translation helpful? Give feedback.
-
Ok back at this after a break. Strangly none of these solutions work for me, including my own. Re-opening discussion as this is still not resolved (going down the Rails 7.0 rabbit hole, not yet tested against Rails 7.1) if I enable
I have the master key of course my question is how do I get it into into the Docker container |
Beta Was this translation helpful? Give feedback.
-
SOLUTION Rails 7.0 Rails 7.1 cc: @jmarsh24 |
Beta Was this translation helpful? Give feedback.
-
https://jasonfleetwoodboldt.com/courses/rails-7-crash-course/mrsk-on-amazon-ec2/ |
Beta Was this translation helpful? Give feedback.
-
Would it be good solution? #config/environments/staging.rb
config.require_master_key = !ENV["SECRET_KEY_BASE_DUMMY"].present? |
Beta Was this translation helpful? Give feedback.
-
Testing using MRSK 0.11.0
Please bear with me as I am working through numerous MRSK setup issues and I am new to MRSK and relatively new to Docker.
Initially started building this app using the default
config/deploy.yml
file, making small tweeks and re-testing each time as I worked through various issues.Somewhere along the way, I uncommented this code in the deploy.yml file:
(1)
Note that I just uncommented the code, leaving the characters
RAILS_MASTER_KEY
as just a string. It is not clear to me reading the instructions and default of the file whether it should have been replaced by my real master key (or not?).I was confused by the comment in the default file that reads: "(secrets come from .env)" which made me think that the string
RAILS_MASTER_KEY
would get replaced by the secret in the.env
file.Somewhere along the way, someone on SLACK suggested this as a way to bring your Ruby version, bundler version, and secret key into the MRSK setup:
(2)
(Notice that these are builder args, not env secret)
Should I also do this same syntax for env secret configured in
config/deploy.yml
?If I do this:
(3)
then I can no longer do anything with MRSK at all --it's like I'm borked now ---
mrsk lock release
andmrsk deploy
both now tell me:ERROR (KeyError): key not found: "f0e5e49fXXXXXXXXXXXXXXXXXXXXXX"
(rest of key has been obscured for privacy but I confirmed it matches my real secret key. )
If I use the original syntax (#1), then the lock mechanism works as expected to release the lock, but when I try to deploy, I get:
Note that in production.rb this line has been UNCOMMENTED:
as well, my app contains
config/master.key
(but it is not being copied into the container by Dockerfile), and my app also has the RAILS_MASTER_KEY set as an.env
variable.if I locally run
RAILS_ENV=production rails s
, I get these result:if I instead run
RAILS_ENV=development rails s
, I get this:The Dockerfile is the same Dockerfile found on https://www.driftingruby.com/episodes/deploying-with-mrsk and the line that it fails on is:
Beta Was this translation helpful? Give feedback.
All reactions