Error during rails credentials:edit "ActiveSupport::MessageEncryptor::InvalidMessage"

Indoor enthusiast, web developer and former hardcore RTS gamer. #building-bloggie
Jul 23, 2018 253 words

I was trying to add a Slack webhook to the Rails app, when I ran bin/rails credentials:edit I got the error ActiveSupport::MessageEncryptor::InvalidMessage.

Why that happened? After investigation, turned out it was me who lost the key 😅 (config/master.key) 🔑.

The whole reason you can use bin/rails credentials:edit to save credentials, secret keys, etc as if they are plain texts, is because only with the correct master.key it can be deciphered.

master.key lives outside of Git repo

config/master.key is listed in the .gitignore so it should never get stored in a Git repo. So if you git clone an existing repo on another machine, you'd need to manually retrieve the file (if it's used in any of the local dev or test env).

If you lose the master key and run bin/rails credentials:edit, it'll still generate one for you but of course that wouldn't be the same as before and you'll get the ActiveSupport::MessageEncryptor::InvalidMessage error.

Recover the master.key

I'm using Heroku to host my website, and the master.key was set in Heroku config when I first upgraded it to Rails 5.2, so it can be easily retrieved from the Heroku config command:

heroku config:get RAILS_MASTER_KEY

Save or override that to config/master.key.

Learn more about Rails credentials:

Written By


Indoor enthusiast, web developer and former hardcore RTS gamer. #building-bloggie

Enjoyed the post?

Clap to support the author, help others find it, and make your opinion count.


To leave a comment, you need to login first 😉