Setting up secret_key_base on deploy with Capistra

2020-07-18 10:09发布

站内问答 / 移动开发
528 4 4

So I'm deploying to a Ubuntu droplet hosted on DigitalOcean a Rails 4 application running on Apache and Phusion Passenger. After deployment I've been getting 500s as a result of Rails production not finding the secret_key_base token for production. However, if I run an echo $SECRET_KEY_BASE it returns the rake secret generated by my deploy.rb.

The deploy.rb task to set that up is:

namespace :deploy do
  task :start do ; end
  task :stop do ; end

  desc "Setup ENV variables"
  task :env_vars do
    on "root@xxx.xxx.xxx.xx" do
      execute "export SECRET_KEY_BASE=#{`bundle exec rake secret`}"
    end
  end
end

before "deploy", "deploy:env_vars"

However, Rails is still not picking it up. I even ssh'd into my server and in rails console checked and ENV["SECRET_KEY_BASE"] returns the correct secret token.

I thought using Capistrano's :default_env would work, but that only seems to set up environmental variables for the deploy task, but not actually on the server. Is there any easy way to solve this solution? My fallback is to just place the secret within secrets.yml since the repo is private, but I rather not do that.

4条回答
来,给爷笑一个
2楼-- · 2020-07-18 10:49

You can create a file in your server called application.yml in shared/config.

Choose any one of solution from bellow

Following code in deploy.rb will automatically symlink your application.yml

set :linked_files, %w{config/application.yml}

Or

Then symlink this application.yml with your current/config/application.yml with a simple capistrano task.

查看更多
0人赞 添加讨论(0) 举报
The star\"
3楼-- · 2020-07-18 10:56

Give up on environment vars and just simply read a file. Do this in secrets.yml.

production:
  secret_key_base: <%= File.read('/home/me/SECRET_KEY_BASE').strip %>

Then make the secret file.

$ rake secret > ~/SECRET_KEY_BASE

Before settling on this solution I tried exporting the secret from my .bash_profile, .profile, and .bashrc (top and bottom). I also tried PermitUserEnvironment and .ssh/environment. I have no idea how an environment variable gets from "the environment" into a capistrano deployment. I ran ssh example.com printenv and saw my vars. I logged in and saw my vars. But puma started with capistrano... it always has it's own environment.

查看更多
0人赞 添加讨论(0) 举报
劳资没心,怎么记你
4楼-- · 2020-07-18 11:10

Rather than exporting env variables in deploy.rb, use dotenv to load environment variables from .env[.<staging>] into ENV when rails booting.

Follow these steps:

Add this line to the top of your Gemfile:

gem 'dotenv-rails'

Put .env.production file into the linked_file in deploy/production.rb:

set :linked_files, fetch(:linked_files, []).push('.env.production')

On the remote host, add the .env.production file in shared folder which contains this line:

SECRET_KEY_BASE=<Your secret>
查看更多
0人赞 添加讨论(0) 举报
Evening l夕情丶
5楼-- · 2020-07-18 11:12

There is a gem for exactly this task: https://github.com/capistrano-plugins/capistrano-secrets-yml

Install

Add this to Gemfile:

group :development do
  gem 'capistrano', '~> 3.2.1'
  gem 'capistrano-secrets-yml', '~> 1.0.0'
end

And then:

$ bundle install

Setup and usage

make sure your local config/secrets.yml is not git tracked. It should be on the disk, but gitignored.

populate production secrets in local config/secrets.yml:

production:
  secret_key_base: d6ced...

add to Capfile:

require 'capistrano/secrets_yml'

create secrets.yml file on the remote server by executing this task:

$ bundle exec cap production setup

You can now proceed with other deployment tasks.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)