Secrets decryption error appeared (ActiveSupport::MessageEncryptor::InvalidMessage)

Hi,

How to fix the recent error regarding rails secrets encryption and ruby?

I have one container running since week start that allows we to “rails secrets:edit” successfully. Today, if I carbon copy the source code, do new bundle install and secrets fail. What is going on?

Message from application: ActiveSupport::MessageEncryptor::InvalidMessage (ActiveSupport::MessageEncryptor::InvalidMessage)
/bundle/ruby/2.5.0/gems/activesupport-5.1.5/lib/active_support/message_encryptor.rb:133:in rescue in _decrypt' /bundle/ruby/2.5.0/gems/activesupport-5.1.5/lib/active_support/message_encryptor.rb:111:in _decrypt’
/bundle/ruby/2.5.0/gems/activesupport-5.1.5/lib/active_support/message_encryptor.rb:84:in decrypt_and_verify' /bundle/ruby/2.5.0/gems/railties-5.1.5/lib/rails/secrets.rb:55:in decrypt’
/bundle/ruby/2.5.0/gems/railties-5.1.5/lib/rails/secrets.rb:96:in preprocess' /bundle/ruby/2.5.0/gems/railties-5.1.5/lib/rails/secrets.rb:27:in block in parse’
/bundle/ruby/2.5.0/gems/railties-5.1.5/lib/rails/secrets.rb:24:in each' /bundle/ruby/2.5.0/gems/railties-5.1.5/lib/rails/secrets.rb:24:in each_with_object’
/bundle/ruby/2.5.0/gems/railties-5.1.5/lib/rails/secrets.rb:24:in parse' /bundle/ruby/2.5.0/gems/railties-5.1.5/lib/rails/application.rb:391:in secrets’
/var/www/html/config/initializers/swagger_ui_engine.rb:3:in block in <top (required)>' /bundle/ruby/2.5.0/gems/swagger_ui_engine-1.1.0/lib/swagger_ui_engine.rb:15:in configure’
/var/www/html/config/initializers/swagger_ui_engine.rb:1:in <top (required)>' /bundle/ruby/2.5.0/gems/activesupport-5.1.5/lib/active_support/dependencies.rb:286:in load’
/bundle/ruby/2.5.0/gems/activesupport-5.1.5/lib/active_support/dependencies.rb:286:in block in load' /bundle/ruby/2.5.0/gems/activesupport-5.1.5/lib/active_support/dependencies.rb:258:in load_dependency’
/bundle/ruby/2.5.0/gems/activesupport-5.1.5/lib/active_support/dependencies.rb:286:in load' /bundle/ruby/2.5.0/gems/railties-5.1.5/lib/rails/engine.rb:655:in block in load_config_initializer’
/bundle/ruby/2.5.0/gems/activesupport-5.1.5/lib/active_support/notifications.rb:168:in instrument' /bundle/ruby/2.5.0/gems/railties-5.1.5/lib/rails/engine.rb:654:in load_config_initializer’
/bundle/ruby/2.5.0/gems/railties-5.1.5/lib/rails/engine.rb:612:in block (2 levels) in <class:Engine>' /bundle/ruby/2.5.0/gems/railties-5.1.5/lib/rails/engine.rb:611:in each’
/bundle/ruby/2.5.0/gems/railties-5.1.5/lib/rails/engine.rb:611:in block in <class:Engine>' /bundle/ruby/2.5.0/gems/railties-5.1.5/lib/rails/initializable.rb:30:in instance_exec’
/bundle/ruby/2.5.0/gems/railties-5.1.5/lib/rails/initializable.rb:30:in `run’

/bundle/ruby/2.5.0/gems/railties-5.1.5/lib/rails/initializable.rb:59:in block in run_initializers' /usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/tsort.rb:228:in block in tsort_each’
/usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/tsort.rb:350:in block (2 levels) in each_strongly_connected_component' /usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/tsort.rb:422:in block (2 levels) in each_strongly_connected_component_from’
/usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/tsort.rb:431:in each_strongly_connected_component_from' /usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/tsort.rb:421:in block in each_strongly_connected_component_from’
/bundle/ruby/2.5.0/gems/railties-5.1.5/lib/rails/initializable.rb:48:in each' /bundle/ruby/2.5.0/gems/railties-5.1.5/lib/rails/initializable.rb:48:in tsort_each_child’
/usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/tsort.rb:415:in call' /usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/tsort.rb:415:in each_strongly_connected_component_from’
/usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/tsort.rb:349:in block in each_strongly_connected_component' /usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/tsort.rb:347:in each’
/usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/tsort.rb:347:in call' /usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/tsort.rb:347:in each_strongly_connected_component’
/usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/tsort.rb:226:in tsort_each' /usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/tsort.rb:205:in tsort_each’
/bundle/ruby/2.5.0/gems/railties-5.1.5/lib/rails/initializable.rb:58:in run_initializers' /bundle/ruby/2.5.0/gems/railties-5.1.5/lib/rails/application.rb:353:in initialize!’
/var/www/html/config/environment.rb:5:in <top (required)>' config.ru:3:in require_relative’
config.ru:3:in block in <main>' /bundle/ruby/2.5.0/gems/rack-2.0.4/lib/rack/builder.rb:55:in instance_eval’
/bundle/ruby/2.5.0/gems/rack-2.0.4/lib/rack/builder.rb:55:in initialize' config.ru:1:in new’
config.ru:1:in <main>' /usr/share/passenger/helper-scripts/rack-preloader.rb:110:in eval’
/usr/share/passenger/helper-scripts/rack-preloader.rb:110:in preload_app' /usr/share/passenger/helper-scripts/rack-preloader.rb:156:in module:App
/usr/share/passenger/helper-scripts/rack-preloader.rb:30:in <module:PhusionPassenger>' /usr/share/passenger/helper-scripts/rack-preloader.rb:29:in

Let me clarify the situation more, I see the typos.

In my rails app, I was able to do “rails secrets:edit”. The setup was stable and worked months, pipeline was building the app container for release too. This week, I have realized that when the container gets built in the pipeline then app fails to start with the error below.

While I can run the app in my development container that had bundle installed weeks ago, in all other containers where bundle install gets performed, since this week, the app fails to start with the below error.

The app uses ruby 2.5.0 and rails 5.1.5, bundler (1.16.1), rubygems-bundler (1.4.4)

This error looks the same as a one, a few months ago, when ruby 2.5 required upgrade to the system gemset. Has anyone an idea what had gone wrong? Comparing Gemfile.lock between containers, bundled gems are of identical versions. It boils down to the ruby systems gemset, however, gemset is the latest version per below. Encryption key is identical, 100 times copied over or sent in env var :wink: for not believing the app fails to start.

$ sudo gem update --system

Latest version already installed. Done.

Cheers, Thomas

Let’s ditch encrypted secrets. Rails 5.2 has been released. Moving to credentials.

Re: [Rails] Re: Secrets decryption error appeared (ActiveSupport::MessageEncryptor::InvalidMessage)
Thomas,

Could you point me at documentation about credentials v. encrypted secrets, please?

Ralph

Friday, April 13, 2018, 4:13:35 AM, you wrote:

Let’s ditch encrypted secrets. Rails 5.2 has been released. Moving to credentials.

http://guides.rubyonrails.org/security.html#custom-credentials