From e0d3313bac6bd2fbf10df27d79d72157f63ae6ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wojciech=20Wn=C4=99trzak?= Date: Wed, 19 Sep 2018 23:02:00 +0200 Subject: Support environment specific credentials file. (#33521) For `production` environment look first for `config/credentials/production.yml.enc` file that can be decrypted by `ENV["RAILS_MASTER_KEY"]` or `config/credentials/production.key` master key. Edit given environment credentials file by command `rails credentials:edit --environment production`. Default behavior can be overwritten by setting `config.credentials.content_path` and `config.credentials.key_path`. --- railties/lib/rails/commands/credentials/USAGE | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'railties/lib/rails/commands/credentials/USAGE') diff --git a/railties/lib/rails/commands/credentials/USAGE b/railties/lib/rails/commands/credentials/USAGE index ea429f58d8..6b33d1ab74 100644 --- a/railties/lib/rails/commands/credentials/USAGE +++ b/railties/lib/rails/commands/credentials/USAGE @@ -38,3 +38,12 @@ the encrypted credentials. When the temporary file is next saved the contents are encrypted and written to `config/credentials.yml.enc` while the file itself is destroyed to prevent credentials from leaking. + +=== Environment Specific Credentials + +It is possible to have credentials for each environment. If the file for current environment exists it will take +precedence over `config/credentials.yml.enc`, thus for `production` environment first look for +`config/credentials/production.yml.enc` that can be decrypted using master key taken from `ENV["RAILS_MASTER_KEY"]` +or stored in `config/credentials/production.key`. +To edit given file use command `rails credentials:edit --environment production` +Default paths can be overwritten by setting `config.credentials.content_path` and `config.credentials.key_path`. -- cgit v1.2.3