Should be able to regenerate master.key

There should be a functionality by that we can change master.key just like we change our password by providing current password and new password similarly we should be able to change master.key by using current master.key and it should generate new master.key and encrypt current credentials by newly created master.key.

I think this would be a required feature as we are going to use Rails encrypted credentials and once our maser.key got compromised then we don’t have a way to change it.

I created an issue for the same over here. You can refer this for more details.

Issue of the same

Please let me know your thoughts on this.

Hi Pradeep,

I think you meant “in case you forget the master.key”. The problem that comes to my mind is that you can’t easily have a mechanism to restore it without opening a security hole, which is what this feature wants to avoid. Did you already come up with an idea to handle this?

Kind regads,

Alberto Almagro

Hi Alberto,

Thanks for your response. What I meant is that if some else get my private key then he would be able to decrypt the credentials file.

I was suggesting that there should be a rake task or something like that which uses current masker.key and generate a new master.key. That way we can change our master.key whenever required.

Please let me know your thoughts on it.

Hi Alberto,

I have figured out a way to do that. That is a trick right now but end result would be what we want. I am planning to create a rake task for this which will do this.

Please let me if I should do that.

Hi Pradeep,

sorry for the delay, I had a lot going on these days.

At the end the functionality would be more or less what it is at the moment, but I like the point that you don’t have to recreate everything. It would be simply to encrypt the secrets again with a new generated key. Provided that you must supply the current master.key to be able to trigger the process, it seems interesting to me.

Lets see if a member of the Rails Core team shares his/her thoughts about this.