使用Capistrano 3部署时设置secret_key_base [英] Setting up secret_key_base on deploy with Capistrano 3
问题描述
因此,我将在Apache和Phusion Passenger上运行的Rails 4应用程序部署到在DigitalOcean上托管的Ubuntu Droplet。部署后,由于Rails的生产,我得到了500枚硬币,却没有找到 secret_key_base
令牌进行生产。但是,如果我运行 echo $ SECRET_KEY_BASE
,它将返回我deploy.rb生成的rake机密。
So I'm deploying to a Ubuntu droplet hosted on DigitalOcean a Rails 4 application running on Apache and Phusion Passenger. After deployment I've been getting 500s as a result of Rails production not finding the secret_key_base
token for production. However, if I run an echo $SECRET_KEY_BASE
it returns the rake secret generated by my deploy.rb.
deploy.rb用来设置的任务是:
The deploy.rb task to set that up is:
namespace :deploy do
task :start do ; end
task :stop do ; end
desc "Setup ENV variables"
task :env_vars do
on "root@xxx.xxx.xxx.xx" do
execute "export SECRET_KEY_BASE=#{`bundle exec rake secret`}"
end
end
end
before "deploy", "deploy:env_vars"
但是,Rails仍然没有捡起它。我什至将服务器缩进服务器,并在 rails控制台
中进行了检查,并且 ENV [ SECRET_KEY_BASE]
返回正确的秘密
However, Rails is still not picking it up. I even ssh'd into my server and in rails console
checked and ENV["SECRET_KEY_BASE"]
returns the correct secret token.
我认为使用Capistrano的:default_env
可行,但这似乎只能为部署任务,但实际上不在服务器上。有什么简单的方法可以解决这个问题?我的后备方法是将秘密放在 secrets.yml
内,因为该回购是私人的,但我宁愿不这样做。
I thought using Capistrano's :default_env
would work, but that only seems to set up environmental variables for the deploy task, but not actually on the server. Is there any easy way to solve this solution? My fallback is to just place the secret within secrets.yml
since the repo is private, but I rather not do that.
推荐答案
精确完成此任务有一个亮点:$ b $ b https://github.com/capistrano-plugins/capistrano-secrets-yml
There is a gem for exactly this task: https://github.com/capistrano-plugins/capistrano-secrets-yml
安装
将此添加到Gemfile中:
Add this to Gemfile:
group :development do
gem 'capistrano', '~> 3.2.1'
gem 'capistrano-secrets-yml', '~> 1.0.0'
end
然后:
$捆绑安装
设置和用法
make sure your local config/secrets.yml is not git tracked. It should be on the disk, but gitignored.
在本地config / secrets.yml中填充生产机密。
populate production secrets in local config/secrets.yml:
production:
secret_key_base: d6ced...
添加到Capfile:
add to Capfile:
require 'capistrano/secrets_yml'
通过执行以下任务在远程服务器上创建secrets.yml文件:
create secrets.yml file on the remote server by executing this task:
$ bundle exec cap production setup
现在,您可以继续执行其他部署任务。
You can now proceed with other deployment tasks.
这篇关于使用Capistrano 3部署时设置secret_key_base的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!