Error during rails credentials:edit "ActiveSupport::MessageEncryptor::InvalidMessage"

kinopyo avatar


I was trying to add a Slack webhook to the Rails app, when I ran bin/rails credentials:edit I got the error ActiveSupport::MessageEncryptor::InvalidMessage.

Why that happened? It turned out it was because I lost the key 😅 (config/master.key) 🔑.

The reason that you can use bin/rails credentials:edit to save credentials and commit them into Git repo is because it's encrypted with master.key. And to read the credentials, you'll also need the key to decrypt it.

master.key lives outside of Git repo

config/master.key is listed in the .gitignore so it should never get stored in a Git repo. So if you git clone an existing repo on another machine, you'd need to manually retrieve the file (if it's used in any of the local dev or test env).

If you lose the master key and run bin/rails credentials:edit, it'll still generate one for you but of course that wouldn't be the same as before and you'll get the ActiveSupport::MessageEncryptor::InvalidMessage error.

Recover the master.key

I'm using Heroku to host my website, and the master.key was set in Heroku config when I first upgraded it to Rails 5.2, so it can be easily retrieved from the Heroku config command:

heroku config:get RAILS_MASTER_KEY

Save or override that to config/master.key.

Learn more about Rails credentials:

kinopyo avatar
Written By


Indoor enthusiast, web developer, and former hardcore RTS gamer. #parenting
Published in Rails
Enjoyed the post?

Clap to support the author, help others find it, and make your opinion count.