使用Capistrano 3部署时设置secret_key_base [英] Setting up secret_key_base on deploy with Capistrano 3

问题描述

因此，我将在Apache和Phusion Passenger上运行的Rails 4应用程序部署到在DigitalOcean上托管的Ubuntu Droplet。部署后，由于Rails的生产，我得到了500枚硬币，却没有找到 secret_key_base 令牌进行生产。但是，如果我运行 echo $ SECRET_KEY_BASE ，它将返回我deploy.rb生成的rake机密。

So I'm deploying to a Ubuntu droplet hosted on DigitalOcean a Rails 4 application running on Apache and Phusion Passenger. After deployment I've been getting 500s as a result of Rails production not finding the secret_key_base token for production. However, if I run an echo $SECRET_KEY_BASE it returns the rake secret generated by my deploy.rb.

deploy.rb用来设置的任务是：

The deploy.rb task to set that up is:

namespace :deploy do
  task :start do ; end
  task :stop do ; end

  desc "Setup ENV variables"
  task :env_vars do
    on "root@xxx.xxx.xxx.xx" do
      execute "export SECRET_KEY_BASE=#{`bundle exec rake secret`}"
    end
  end
end

before "deploy", "deploy:env_vars"

但是，Rails仍然没有捡起它。我什至将服务器缩进服务器，并在 rails控制台中进行了检查，并且 ENV [ SECRET_KEY_BASE] 返回正确的秘密

However, Rails is still not picking it up. I even ssh'd into my server and in rails console checked and ENV["SECRET_KEY_BASE"] returns the correct secret token.

我认为使用Capistrano的：default_env 可行，但这似乎只能为部署任务，但实际上不在服务器上。有什么简单的方法可以解决这个问题？我的后备方法是将秘密放在 secrets.yml 内，因为该回购是私人的，但我宁愿不这样做。

I thought using Capistrano's :default_env would work, but that only seems to set up environmental variables for the deploy task, but not actually on the server. Is there any easy way to solve this solution? My fallback is to just place the secret within secrets.yml since the repo is private, but I rather not do that.

推荐答案

精确完成此任务有一个亮点：$ b​​ $ b https://github.com/capistrano-plugins/capistrano-secrets-yml

There is a gem for exactly this task: https://github.com/capistrano-plugins/capistrano-secrets-yml

安装

将此添加到Gemfile中：

Add this to Gemfile:

group :development do
  gem 'capistrano', '~> 3.2.1'
  gem 'capistrano-secrets-yml', '~> 1.0.0'
end

然后：

$捆绑安装

设置和用法

make sure your local config/secrets.yml is not git tracked. It should be on the disk, but gitignored.

在本地config / secrets.yml中填充生产机密。

populate production secrets in local config/secrets.yml:

production:
  secret_key_base: d6ced...

添加到Capfile：

add to Capfile:

require 'capistrano/secrets_yml'

通过执行以下任务在远程服务器上创建secrets.yml文件：

create secrets.yml file on the remote server by executing this task:

$ bundle exec cap production setup

现在，您可以继续执行其他部署任务。

You can now proceed with other deployment tasks.

这篇关于使用Capistrano 3部署时设置secret_key_base的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！