Back to Blog

Rails 7 adds method calls for nested secrets

on June 9, 2021
This blog is part of our Rails 7 series.

Rails stores secrets in config/credentials.yml.enc, which is encrypted and cannot be edited directly. You can read more about credentials management here: Rails security guide.

Rails 7 allows access to nested encrypted secrets (credentials) by method calls. We can easily access the nested secrets present in the credentials YAML file like we've accessed top-level secrets previously:

1# config/credentials.yml.enc
2
3secret_key_base: "47327396e32dc8ac825760bb31f079225c5c0"
4aws:
5  access_key_id: "A6AMOGVNQKCWLNQ"
6  secret_access_key: "jfm6b9530tPu/h8v93W4TkUJN+b/ZMKkG"
1=> Rails.application.credentials.aws
2=> {:access_key_id=>"A6AMOGVNQKCWLNQ", :secret_access_key=>"jfm6b9530tPu/h8v93W4TkUJN+b/ZMKkG"}

Before Rails 7

1=> Rails.application.credentials.aws[:access_key_id]
2=> "A6AMOGVNQKCWLNQ"
3
4=> Rails.application.credentials.aws.access_key_id
5=> NoMethodError (undefined method `access_key_id' for #<Hash:0x00007fb1adb0cca8>)

After Rails 7

1=> Rails.application.credentials.aws.access_key_id
2=> "A6AMOGVNQKCWLNQ"

Check out this pull request for more details.