I’ve really been enjoying using Rails credentials but I have to think I’m missing something when there’s a merge conflict with a Rails credentials file. Right now my workflow is to have two copies of the repository locally and manually compare the old and new credentials file to get credentials file to the correct state.
Here’s a simple example where editing the credentials file fails.
A change is made in the honeybadger/setup branch to the credentials:
➜ git:(honeybadger/setup) ✗ git c "Cred"
[honeybadger/setup b313466] Cred
1 file changed, 1 insertion(+), 1 deletion(-)
rewrite config/credentials.yml.enc (100%)
Attempting to merge with main which modified similar credentials which results in a merge conflict:
➜ git:(honeybadger/setup) git m main
Auto-merging config/credentials.yml.enc
CONFLICT (content): Merge conflict in config/credentials.yml.enc
Automatic merge failed; fix conflicts and then commit the result.
Attempt to edit the credentials file which fails and so I’m unable to see the contents of the file:
➜ git:(honeybadger/setup) ✗ bin/rails credentials:edit
Couldn't decrypt config/credentials.yml.enc. Perhaps you passed the wrong key?
Maybe the project wasn’t enrolled in diffing, enroll it, great it’s enrolled:
➜ git:(honeybadger/setup) ✗ rails credentials:diff --enroll
Enrolled project in credentials file diffing!
Rails ensures the rails_credentials diff driver is set when running `credentials:edit`. See `credentials:help` for more.
Attempt to edit the credentials file with diffing enabled, complains that I must have the wrong key
➜ git:(honeybadger/setup) ✗ bin/rails credentials:edit
Couldn't decrypt config/credentials.yml.enc. Perhaps you passed the wrong key?
At this point the credentials file now looks like, truncated keys and it’s just dummy data:
<<<<<<< HEAD
KVl1t6aZ+R312Hn2s6AwWmr7v3mG09T1XWD5BON82tB/p3PH9mClcOSZwALXsDHZj/vGIXCcp0Qrtctt7YTB5zLbbooKIJWYSu0iWebrw8OijVwwBw1uyPaGj3oJqIukHpRHwTLdDzPS3f9aMfdY71ovsaOJM2t3iDWIYjxf7ov3RfYYPFi6GwCk/epH5SXoHQY3JxlE3gGd61PdGv9yENIpxC0u4NBbWRJqIIFns8llnoS86KxRt/as5OXTbJ1JrKg==
=======
fPxx52eV8IqhpNalcAKcKQO9K3ykLZrSfQiXjZT37c26GPF99J3gqia/jXAn+lchj7/V/Lbq5J6s7Az9vId8URubDzgSFZkYn51lpoJnFhdVKQfPI4R9tuvH+efVLMqlNB9oKg/6u1Qrtuqn8M2S/XCJnAuf19Dcc7axW5kBLJVgUonwBW7/4Klue/N3fnSgilz7PrNtJe9PUXWSitTnCKCF1IF0jckx5fr8lHaX52uMS3jSv5KmItB3HCXE8B1txwW4g7Rv+HODzIok=--wIw6ORC2KwUs2gdL--ecX3CtyURGZNL97sRcT0HQ==
>>>>>>> main
Reset the merge so that I can confirm that the correct master key is in place and successfully edit the file again:
➜ git:(honeybadger/setup) ✗ git reset --hard
HEAD is now at b313466 Cred
➜ git:(honeybadger/setup) bin/rails credentials:edit
File encrypted and saved.
Ensure that the master.key is ignored from git so it’s not getting overwritten somehow with the merge:
➜ git:(honeybadger/setup) ✗ cat .gitignore| grep master
# Ignore master key for decrypting credentials and more.
/config/master.key
Is there a better workflow to figure out credential diffs? What is everyone else doing? Am I missing a setup step?
