Thank you @simmerz. I came back to this topic after discovering that our Action Text embedded images stopped working, however images attached directly with Active Storage still work. One difference is that the former use the default service which is a private S3 storage, whereas the latter service is a public S3 storage. We recently rotated the credentials to access AWS, I wonder if it may be the cause of images breaking? I also note that if the secret_key_base changes, attachments (either direct or embedded in Action Text) will also break.
All of these reasons make me uncomfortable using a non-public storage for Action Text embeds, and before proceeding to fixing them I would like the embedded images to use the public storage service instead of the default. I’ll see if we can monkey-patch our app to do so.
Then in a second step we’d need to carefully investigate why the images broke and find better strategies for credential rotation, and document these.
