If you have just started using Ruby on Rails, or you have just updated your Rails application, you may have noticed that config/secrets.yml no longer exists, and it has been replaced by config/credentials.yml.enc.

This means that we can stop using gems like Figaro and .env to secure our private credentials.

You will also notice a file called config/master.key, which is the file that unlocks and decrypts config/credentials.yml.enc. To create a new master.key, open the Rails Console and run rails secret.

Opening the credentials file

# In your terminal run:
EDITOR="vim" rails credentials:edit
# You could substitute vim with nano, vi, or any other code editor you want to use. I like Vim.

# To avoid having to put the EDITOR text every time, set a preferred editor in the command line:
vim ~/.profile
# Now that the file is open add:
export EDITOR=vim
export VISUAL=vim
:wq! # save and exit the file

# Restart your computer, and now you can run just:
rails credentials:edit # while inside your project

Okay, for starters let's add our database credentials.

# Inside of config/credentials.yml.enc add:
development:
    postgres_username: your_name
    postgres_password: your_password
# save and exit the file

# Now open config/database.yml and add:
username: <%= Rails.application.credentials.dig(:development, :postgres_username) %>
password: <%= Rails.application.credentials.dig(:development, :postgres_password) %>

# You can also check that it worked by opening the Rails console
rails c
Rails.application.credentials.dig(:development, :postgres_password)
# This will display your password

Development and production

# For other important secrets you can set up both development and production keys like so:

development:
    stripe_publishable_key: some-example-key
    stripe_secret_key: some-example-key

production:
    stripe_publishable_key: some-example-key
    stripe_secret_key: some-example-key

Image Hosting

# Say you are using Amazon, you could do this:
aws:
    access_key_id: some_key
    secret_access_key: some_key

# This would then be called with
access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %>
secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %>

# In the Rails console you could also run:
Rails.application.credentials.dig(:aws, :access_key_id)
# This will display the key in the console

Pushing to Heroku

We now have to tell Heroku what our master key is since it's hidden by our gitignore file. We want it to be hidden, so don't remove it. :)

# In the command line run:
cat config/master.key 
# copy the output and log in to Heroku
# Go to Settings, then Reveal Config Vars, and create a new record:
# Then paste in the key you copied on the other line
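
To show why config/master.key has to stay out of Git and still reach Heroku, here is an added example (not code from this post or from Rails) that encrypts a credentials YAML with AES-128-GCM, the cipher Rails uses for credentials.yml.enc. The `data--iv--tag` layout, the helper names and the sample values are assumptions of this example; Rails' own file serialization differs in detail.

```ruby
require "openssl"
require "base64"
require "securerandom"
require "yaml"

CIPHER = "aes-128-gcm" # authenticated cipher Rails uses for credentials.yml.enc

# Encrypt YAML text under a hex key. Output layout (assumed for this example):
# Base64(ciphertext)--Base64(iv)--Base64(auth_tag)
def encrypt_credentials(yaml_text, hex_key)
  cipher = OpenSSL::Cipher.new(CIPHER).encrypt
  cipher.key = [hex_key].pack("H*")   # 32 hex chars -> 16 raw bytes
  iv = cipher.random_iv               # fresh nonce on every save
  cipher.auth_data = ""
  data = cipher.update(yaml_text) + cipher.final
  [data, iv, cipher.auth_tag].map { |part| Base64.strict_encode64(part) }.join("--")
end

# Returns the credentials hash, or nil when the key is wrong or the blob was
# modified: cipher.final raises if the GCM auth tag does not verify.
def decrypt_credentials(blob, hex_key)
  data, iv, tag = blob.split("--").map { |part| Base64.strict_decode64(part) }
  cipher = OpenSSL::Cipher.new(CIPHER).decrypt
  cipher.key = [hex_key].pack("H*")
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = ""
  YAML.safe_load(cipher.update(data) + cipher.final, symbolize_names: true)
rescue OpenSSL::Cipher::CipherError, ArgumentError, TypeError
  nil
end

# Constructed sample data: a throwaway key and the placeholder values used above.
SAMPLE_KEY  = SecureRandom.hex(16)
SAMPLE_YAML = "development:\n  postgres_username: your_name\n  postgres_password: your_password\n"

if __FILE__ == $PROGRAM_NAME
  blob  = encrypt_credentials(SAMPLE_YAML, SAMPLE_KEY)
  creds = decrypt_credentials(blob, SAMPLE_KEY)
  puts "right key: #{creds.dig(:development, :postgres_username)}"
  puts "wrong key: #{decrypt_credentials(blob, SecureRandom.hex(16)).inspect}"
end
```

The encrypted blob is safe to commit because it is unreadable and tamper-evident without the key, which is why the key itself travels separately as a Heroku config var.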

I hope this helps get you started; it helped me to get it all straight.