5 files changed, 18 insertions, 20 deletions

diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb
index 6ce8b0b2d9..abfec90b6d 100644
--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@@ -403,12 +403,12 @@ module Rails
     end
 
     # The secret_key_base is used as the input secret to the application's key generator, which in turn
-    # is used to create all the MessageVerfiers, including the one that signs and encrypts cookies.
+    # is used to create all MessageVerifiers/MessageEncryptors, including the ones that sign and encrypt cookies.
     #
     # In test and development, this is simply derived as a MD5 hash of the application's name.
     #
     # In all other environments, we look for it first in ENV["SECRET_KEY_BASE"],
-    # then credentials[:secret_key_base], and finally secrets.secret_key_base. For most applications,
+    # then credentials.secret_key_base, and finally secrets.secret_key_base. For most applications,
     # the correct place to store it is in the encrypted credentials file.
     def secret_key_base
       if Rails.env.test? || Rails.env.development?
diff --git a/railties/lib/rails/commands/credentials/USAGE b/railties/lib/rails/commands/credentials/USAGE
index 5bd9f940fd..85877c71b7 100644
--- a/railties/lib/rails/commands/credentials/USAGE
+++ b/railties/lib/rails/commands/credentials/USAGE
@@ -10,7 +10,7 @@ to get everything working as the keys are shipped with the code.
 === Setup
 
 Applications after Rails 5.2 automatically have a basic credentials file generated
-that just contains the secret_key_base used by the MessageVerifiers, like the one
+that just contains the secret_key_base used by MessageVerifiers/MessageEncryptors, like the ones
 signing and encrypting cookies.
 
 For applications created prior to Rails 5.2, we'll automatically generate a new
diff --git a/railties/lib/rails/commands/credentials/credentials_command.rb b/railties/lib/rails/commands/credentials/credentials_command.rb
index 39a4e3c833..88fb032d84 100644
--- a/railties/lib/rails/commands/credentials/credentials_command.rb
+++ b/railties/lib/rails/commands/credentials/credentials_command.rb
@@ -53,7 +53,6 @@ module Rails
 
         def ensure_master_key_has_been_added
           master_key_generator.add_master_key_file
-          master_key_generator.ignore_master_key_file
         end
 
         def ensure_credentials_have_been_added
diff --git a/railties/lib/rails/generators/rails/app/templates/gitignore b/railties/lib/rails/generators/rails/app/templates/gitignore
index c37f01a848..83a7b211aa 100644
--- a/railties/lib/rails/generators/rails/app/templates/gitignore
+++ b/railties/lib/rails/generators/rails/app/templates/gitignore
@@ -7,9 +7,6 @@
 # Ignore bundler config.
 /.bundle
 
-# Ignore master key for decrypting credentials and more.
-/config/master.key
-
 <% if sqlite3? -%>
 # Ignore the default SQLite database.
 /db/*.sqlite3
diff --git a/railties/lib/rails/generators/rails/master_key/master_key_generator.rb b/railties/lib/rails/generators/rails/master_key/master_key_generator.rb
index 36a0b69e76..a79e83495a 100644
--- a/railties/lib/rails/generators/rails/master_key/master_key_generator.rb
+++ b/railties/lib/rails/generators/rails/master_key/master_key_generator.rb
@@ -22,6 +22,8 @@ module Rails
           say ""
           add_master_key_file_silently key
           say ""
+
+          ignore_master_key_file
         end
       end
 
@@ -29,24 +31,24 @@ module Rails
         create_file MASTER_KEY_PATH, key || ActiveSupport::EncryptedFile.generate_key
       end
 
-      def ignore_master_key_file
-        if File.exist?(".gitignore")
-          unless File.read(".gitignore").include?(key_ignore)
-            say "Ignoring #{MASTER_KEY_PATH} so it won't end up in Git history:"
-            say ""
-            append_to_file ".gitignore", key_ignore
+      private
+        def ignore_master_key_file
+          if File.exist?(".gitignore")
+            unless File.read(".gitignore").include?(key_ignore)
+              say "Ignoring #{MASTER_KEY_PATH} so it won't end up in Git history:"
+              say ""
+              append_to_file ".gitignore", key_ignore
+              say ""
+            end
+          else
+            say "IMPORTANT: Don't commit #{MASTER_KEY_PATH}. Add this to your ignore file:"
+            say key_ignore, :on_green
             say ""
           end
-        else
-          say "IMPORTANT: Don't commit #{MASTER_KEY_PATH}. Add this to your ignore file:"
-          say key_ignore, :on_green
-          say ""
         end
-      end
 
-      private
         def key_ignore
-          [ "", "# Ignore master key for decrypting credentials and more.", MASTER_KEY_PATH, "" ].join("\n")
+          [ "", "# Ignore master key for decrypting credentials and more.", "/#{MASTER_KEY_PATH}", "" ].join("\n")
         end
     end
   end