4 files changed, 2 insertions, 78 deletions
diff --git a/railties/lib/rails/generators/rails/app/templates/config/environments/production.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/environments/production.rb.tt
index 9c4a77fd1d..4a39e43e57 100644
--- a/railties/lib/rails/generators/rails/app/templates/config/environments/production.rb.tt
+++ b/railties/lib/rails/generators/rails/app/templates/config/environments/production.rb.tt
@@ -14,11 +14,6 @@ Rails.application.configure do
   config.consider_all_requests_local       = false
   config.action_controller.perform_caching = true
 
-  # Attempt to read encrypted secrets from `config/secrets.yml.enc`.
-  # Requires an encryption key in `ENV["RAILS_MASTER_KEY"]` or
-  # `config/secrets.yml.key`.
-  config.read_encrypted_secrets = true
-
   # Disable serving static files from the `/public` folder by default since
   # Apache or NGINX already handles this.
   config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
diff --git a/railties/lib/rails/generators/rails/app/templates/config/secrets.yml b/railties/lib/rails/generators/rails/app/templates/config/secrets.yml
index 816efcc5b1..8e995a5df1 100644
--- a/railties/lib/rails/generators/rails/app/templates/config/secrets.yml
+++ b/railties/lib/rails/generators/rails/app/templates/config/secrets.yml
@@ -23,10 +23,8 @@ development:
 test:
   secret_key_base: <%= app_secret %>
 
-# Do not keep production secrets in the unencrypted secrets file.
-# Instead, either read values from the environment.
-# Or, use `bin/rails secrets:setup` to configure encrypted secrets
-# and move the `production:` environment over there.
+# Do not keep production secrets in the repository,
+# instead read values from the environment.
 
 production:
   secret_key_base: <%%= ENV["SECRET_KEY_BASE"] %>
diff --git a/railties/lib/rails/generators/rails/encrypted_secrets/encrypted_secrets_generator.rb b/railties/lib/rails/generators/rails/encrypted_secrets/encrypted_secrets_generator.rb
deleted file mode 100644
index 8b29213610..0000000000
--- a/railties/lib/rails/generators/rails/encrypted_secrets/encrypted_secrets_generator.rb
+++ /dev/null
@@ -1,66 +0,0 @@
-require "rails/generators/base"
-require "rails/secrets"
-
-module Rails
-  module Generators
-    class EncryptedSecretsGenerator < Base
-      def add_secrets_key_file
-        unless File.exist?("config/secrets.yml.key") || File.exist?("config/secrets.yml.enc")
-          key = Rails::Secrets.generate_key
-
-          say "Adding config/secrets.yml.key to store the encryption key: #{key}"
-          say ""
-          say "Save this in a password manager your team can access."
-          say ""
-          say "If you lose the key, no one, including you, can access any encrypted secrets."
-
-          say ""
-          create_file "config/secrets.yml.key", key
-          say ""
-        end
-      end
-
-      def ignore_key_file
-        if File.exist?(".gitignore")
-          unless File.read(".gitignore").include?(key_ignore)
-            say "Ignoring config/secrets.yml.key so it won't end up in Git history:"
-            say ""
-            append_to_file ".gitignore", key_ignore
-            say ""
-          end
-        else
-          say "IMPORTANT: Don't commit config/secrets.yml.key. Add this to your ignore file:"
-          say key_ignore, :on_green
-          say ""
-        end
-      end
-
-      def add_encrypted_secrets_file
-        unless File.exist?("config/secrets.yml.enc")
-          say "Adding config/secrets.yml.enc to store secrets that needs to be encrypted."
-          say ""
-
-          template "config/secrets.yml.enc" do |prefill|
-            say ""
-            say "For now the file contains this but it's been encrypted with the generated key:"
-            say ""
-            say prefill, :on_green
-            say ""
-
-            Secrets.encrypt(prefill)
-          end
-
-          say "You can edit encrypted secrets with `bin/rails secrets:edit`."
-
-          say "Add this to your config/environments/production.rb:"
-          say "config.read_encrypted_secrets = true"
-        end
-      end
-
-      private
-        def key_ignore
-          [ "", "# Ignore encrypted secrets key file.", "config/secrets.yml.key", "" ].join("\n")
-        end
-    end
-  end
-end
diff --git a/railties/lib/rails/generators/rails/encrypted_secrets/templates/config/secrets.yml.enc b/railties/lib/rails/generators/rails/encrypted_secrets/templates/config/secrets.yml.enc
deleted file mode 100644
index 70426a66a5..0000000000
--- a/railties/lib/rails/generators/rails/encrypted_secrets/templates/config/secrets.yml.enc
+++ /dev/null
@@ -1,3 +0,0 @@
-# See `secrets.yml` for tips on generating suitable keys.
-# production:
-#  external_api_key: 1466aac22e6a869134be3d09b9e89232fc2c2289…