ruby on rails: heroku: Missing `secret_key_base` for 'production' environment

7
votes

I added the key into heroku config var, but I'm still getting the error.

Is this the correct way? I ignored secrets.yml as I read from other sources that its not a good idea to push this to the public.

in the heroku config var:

[key] SECRET_KEY_BASE
[value] 3280570382948240938

in secrets.yml

production:
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>

What am I still doing wrong?

Furthermore, if I put my secret keys into heroku's config variable, don't other developers get to see this too? So, isn't that still kind of public? I've always wondered this concept.

3
ruby-on-railsrubyruby-on-rails-4herokuenvironment-variables
Other developers cannot see your environment variables, since each Heroku app runs on a separate virtual service instance.Andy Waite

3 Answers

10
votes

you can set environment variable with heroku config

first generate secret key with run below command on terminal

rake secret

Now use that key on below command

heroku config:set SECRET_KEY_BASE='put here new generated key'

you can refer this link for more refference

https://devcenter.heroku.com/articles/config-vars

4
votes

here is a fool-proof way to set the secret key base with heroku:

heroku config:set SECRET_KEY_BASE=$(rake secret)

you can see it with heroku config:get SECRET_KEY_BASE

and check that rails picks it up with Rails.application.secret_key_base (in heroku run rails console for instance)

3
votes

I had the same issue today, but for me the solution was a bit different. I realized that in my local environment, I had been using:

Rails.application.secrets.secret_key_base

but for Heroku, instead use:

Rails.application.secret_key_base

^This worked in my local environment as well. Not sure what the extra .secrets is for.