Rails 5.2凭据：编辑不像secret_key_base

Question

我一直在尝试在我的登台服务器中调试我的凭证文件。每当我尝试编辑登台服务器上的凭据时，都会收到以下错误：

/var/www/bundle/ruby/2.5.0/gems/railties-5.2.0/lib/rails/application.rb:583:in `validate_secret_key_base': `secret_key_base` for staging environment must be a type of String`

我的database.yml文件如下所示：

---
default: &default
  adapter: postgresql
development:
  <<: *default
  database: dev_db
  host: <%= Rails.application.credentials.database.fetch(:development).fetch(:host) %>
  username: <%= Rails.application.credentials.database.fetch(:development).fetch(:username) %>
  password: <%= Rails.application.credentials.database.fetch(:development).fetch(:password) %>
  secret_key_base: <%= Rails.application.credentials.secret_key_base.fetch(:development) %>
test:
  <<: *default
  database: test_db
  host: <%= Rails.application.credentials.database.fetch(:development).fetch(:host) %>
  username: <%= Rails.application.credentials.database.fetch(:development).fetch(:username) %>
  password: <%= Rails.application.credentials.database.fetch(:development).fetch(:password) %>
  secret_key_base: <%= Rails.application.credentials.secret_key_base.fetch(:development) %>
staging:
  <<: *default
  database: <%= Rails.application.credentials.database.fetch(:staging).fetch(:name) %>
  host: <%= Rails.application.credentials.database.fetch(:staging).fetch(:host) %>
  username: <%= Rails.application.credentials.database.fetch(:staging).fetch(:username) %>
  password: <%= Rails.application.credentials.database.fetch(:staging).fetch(:password) %>
  secret_key_base: <%= Rails.application.credentials.secret_key_base.fetch(:staging) %>
production:
  <<: *default
  database: <%= Rails.application.credentials.database.fetch(:production).fetch(:name) %>
  host: <%= Rails.application.credentials.database.fetch(:production).fetch(:host) %>
  username: <%= Rails.application.credentials.database.fetch(:production).fetch(:username) %>
  password: <%= Rails.application.credentials.database.fetch(:production).fetch(:password) %>
  secret_key_base: <%= Rails.application.credentials.secret_key_base.fetch(:production) %>

我认为我的暂存secret_key_base属于String类型。我使用secret_key_base生成了rails secret。在本地，当我打开rails控制台时，我可以查看我的暂存环境的secret_key_base：

[1] pry(main)> Rails.application.credentials.secret_key_base.fetch(:staging)
\=> "generated_using_rails_secret"

它返回一个字符串，但每当我尝试在登台环境中访问凭据时，我仍会收到上面的错误消息。

Answer 1

如果从命令行运行rails credentials:edit，它将解密config/credentials.yml.enc文件。

然后，您可以编辑此文件以添加基于环境的密钥，就像您之前添加到config/secrets.yml一样。

保存此文件时，将再次加密，并包含新信息。

没有理由拥有＆＃34; secret_key_base＆＃34;在您的database.yml文件中，因为这不会产生任何影响。

Nice Article on the new Rails credentials

此外，因为rails现在更长时间为您生成config/secrets.yml文件，从rails 5.2开始，添加一个文件仍然可以像以前的版本一样正常工作。

Answer 2

我最终查看了堆栈跟踪并挖掘了 Exception in thread "main" org.apache.poi.EmptyFileException: The supplied file was empty (zero bytes long) at org.apache.poi.util.IOUtils.peekFirstNBytes(IOUtils.java:74) at org.apache.poi.util.IOUtils.peekFirst8Bytes(IOUtils.java:57) at org.apache.poi.poifs.filesystem.FileMagic.valueOf(FileMagic.java:135) at org.apache.poi.ss.usermodel.WorkbookFactory.create(WorkbookFactory.java:177) at org.apache.poi.ss.usermodel.WorkbookFactory.create(WorkbookFactory.java:149) at package1.ClassA1.main(ClassA1.java:25) gem。

缩写堆栈跟踪：

railties-5.2.0

我最后查看了ArgumentError: `secret_key_base` for staging environment must be a type of String` /var/www/bundle/ruby/2.5.0/gems/railties-5.2.0/lib/rails/application.rb:583:in `validate_secret_key_base' /var/www/bundle/ruby/2.5.0/gems/railties-5.2.0/lib/rails/application.rb:432:in `secret_key_base' /var/www/bundle/ruby/2.5.0/gems/railties-5.2.0/lib/rails/application.rb:176:in `key_generator' /var/www/bundle/ruby/2.5.0/gems/railties-5.2.0/lib/rails/application.rb:205:in `message_verifier' 并看到了以下代码：

railties-5.2.0/lib/rails/application.rb:432:

我错误地认为我可以为个别环境指定# The secret_key_base is used as the input secret to the application's key generator, which in turn # is used to create all MessageVerifiers/MessageEncryptors, including the ones that sign and encrypt cookies. # # In test and development, this is simply derived as a MD5 hash of the application's name. # # In all other environments, we look for it first in ENV["SECRET_KEY_BASE"], # then credentials.secret_key_base, and finally secrets.secret_key_base. For most applications, # the correct place to store it is in the encrypted credentials file. def secret_key_base if Rails.env.test? || Rails.env.development? Digest::MD5.hexdigest self.class.name else validate_secret_key_base( ENV["SECRET_KEY_BASE"] || credentials.secret_key_base || secrets.secret_key_base ) end end 。相反，我只能指定一个密钥库。秘密密钥库显然与SECRET_KEY_BASE无关。我需要阅读它以及它实际上做了什么。