Error during rails credentials:edit "ActiveSupport::MessageEncryptor::InvalidMessage"

I was trying to add a Slack webhook to the Rails app, when I ran bin/rails credentials:edit I got the error ActiveSupport::MessageEncryptor::InvalidMessage.

Why that happened? It turned out it was because I lost the key 😅 (config/master.key) .

The reason that you can use bin/rails credentials:edit to save credentials and commit them into Git repo is because it's encrypted with master.key. And to read the credentials, you'll also need the key to decrypt it.

master.key lives outside of Git repo

config/master.key is listed in the .gitignore so it should never get stored in a Git repo. So if you git clone an existing repo on another machine, you'd need to manually retrieve the file (if it's used in any of the local dev or test env).

If you lose the master key and run bin/rails credentials:edit, it'll still generate one for you but of course that wouldn't be the same as before and you'll get the ActiveSupport::MessageEncryptor::InvalidMessage error.

Recover the master.key

I'm using Heroku to host my website, and the master.key was set in Heroku config when I first upgraded it to Rails 5.2, so it can be easily retrieved from the Heroku config command:

heroku config:get RAILS_MASTER_KEY

Save or override that to config/master.key.

Learn more about Rails credentials:

• Rails 5.2 Release Notes on Credentials
• RAILS ENCRYPTED CREDENTIALS ON RAILS 5.2
• Railsconf video: Encrypted Credentials on Rails 5.2: Secrets to Success