Rails 7.1 removes the secrets:setup command and deprecates secrets:edit and secrets:show commands

railsSeptember 05, 2023Dotby Alkesh Ghorpade

In Rails 5.1, a new feature called "secrets" was introduced to make it easier for developers to store encrypted credentials or API keys in their repository.

However, the implementation of this feature was confusing to many developers. It needed to be clarified what you should put in the secrets(config/secrets.yml, config/secrets.yml.enc) and whether the SECRET_BASE_KEY is related to the setup in general.

The secrets setup process also included a few unnecessary steps, such as separating secrets into different environments.

DHH and the Rails team added credentials in the Rails 5.2 release to simplify the process.

Before Rails 7.1

In Rails 5.2, a new way to store secrets was introduced called credentials. The old way, called secrets, is still supported, but the rails secrets:setup command will show a deprecation warning and exit without running the command.

> rails secrets:setup

Encrypted secrets is deprecated in favor of credentials. Run:
rails credentials:help

However, the secrets:show and secrets:edit commands were not deprecated in Rails 5.2. These commands will run without raising any warnings or errors and will display the secrets on your terminal.

In Rails 7.1

In Rails 7.1, the deprecated secrets:setup command is removed, and deprecation warnings are now issued for secrets:edit and secrets:show commands.

If you try to execute the rails secrets:setup command, it will throw the following error:

> rails secrets:setup

rails aborted!
Don't know how to build task 'secrets:setup' (See the list of available tasks with `rails --tasks`)

If you execute secrets:show or secrets:edit commands, they will display the below warnings before execution.

> rails secrets:show

`bin/rails secrets:show` is deprecated in favor of credentials and will be removed in Rails 7.2.
Run `bin/rails credentials:help` for more information.

...show command logs

> rails secrets:edit

`bin/rails secrets:edit` is deprecated in favor of credentials and will be removed in Rails 7.2.
Run `bin/rails credentials:help` for more information.

...edit command logs


In Rails 7.1, the usage of Rails.application.secrets is also marked as deprecated. You will receive the following deprecation warning message when this command is executed.

> Rails.application.secrets

`Rails.application.secrets` is deprecated in favor of `Rails.application.credentials` and will be removed in Rails 7.2.

Developers should switch from using secrets to credentials in their Rails applications, as Rails 7.2 will remove all the methods related to secrets. This is a breaking change, so making the switch before upgrading to Rails 7.2 is essential.

To know more about this feature, please refer to this PR.

Closing Remark

Could your team use some help with topics like this and others covered by ShakaCode's blog and open source? We specialize in optimizing Rails applications, especially those with advanced JavaScript frontends, like React. We can also help you optimize your CI processes with lower costs and faster, more reliable tests. Scraping web data and lowering infrastructure costs are two other areas of specialization. Feel free to reach out to ShakaCode's CEO, Justin Gordon, at justin@shakacode.com or schedule an appointment to discuss how ShakaCode can help your project!
Are you looking for a software development partner who can
develop modern, high-performance web apps and sites?
See what we've doneArrow right