Rails 5.1 Capistrano Deploying with secrets.yml.key


I'm attempting to deploy to a staging environment with Capistrano. I've set up my encrypted secrets and tested on development, and the secrets appear available. I've set up the staging environment config for read_encrypted_secrets = true. My secret key file is git-ignored. I have ssh'ed into my staging environment and placed the secrets.yml.key in the app_name/current/config directory. I am deploying to an AWS EC2 instance. I am not using the RAILS_MASTER_KEY environment variable.

When I run cap staging deploy and choose my release tag, I run into this error during deploy:migrating (bundle exec rake db:migrate):

01 rake aborted!
01 Rails::Secrets::MissingKeyError: Missing encryption key to decrypt secrets with. Ask your team for your master key and put it in ENV["RAILS_MASTER_KEY"]

I have the correct key on the server. Why isn't Rails finding/using it?


Solution

  • The app_name/current path is just a symlink to the newest Capistrano release. That means that the contents of app_name/current/config will change every time you run cap staging deploy. If you manually add a file to that directory via ssh, it will no longer be there on the subsequent deploy.

    The proper way to add a configuration file to the server that will persist across all deploys is to place it in the shared directory. Specifically:

    1. Via ssh (or scp), place your key file at app_name/shared/config/secrets.yml.key.
    2. Locally, in deploy.rb, add the following:

      append :linked_files, "config/secrets.yml.key"
      

    Now run cap staging deploy.
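The behaviour described in the answer, as an added example that is not part of the original answer or of Capistrano itself: it rebuilds the releases/current/shared layout in a temporary directory to show a hand-placed key disappearing on the next deploy and a linked key persisting. The helpers `deploy`, `key_problems` and `demo` are hypothetical, the key value is constructed, and the owner-only (0600) permission check is an added assumption, not something the page states.

```ruby
require "fileutils"
require "tmpdir"

KEY = "config/secrets.yml.key" # the linked file named in the answer

# Simulate one Capistrano release: create releases/<name>, symlink the
# linked files to shared/, then repoint the `current` symlink.
def deploy(root, name, linked_files: [])
  release = File.join(root, "releases", name)
  FileUtils.mkdir_p(File.join(release, "config"))
  linked_files.each do |rel|
    FileUtils.ln_s(File.join(root, "shared", rel), File.join(release, rel))
  end
  current = File.join(root, "current")
  FileUtils.rm_f(current) # drop the old symlink only, not the old release
  FileUtils.ln_s(release, current)
end

# Preflight check for the shared key (assumption: owner-only mode 0600).
def key_problems(root)
  path = File.join(root, "shared", KEY)
  return ["missing #{path}"] unless File.file?(path)
  problems = []
  mode = File.stat(path).mode & 0o777
  problems << format("mode %04o, expected 0600", mode) unless (mode & 0o077).zero?
  problems << "key file is empty" if File.zero?(path)
  problems
end

def demo
  Dir.mktmpdir do |root|
    FileUtils.mkdir_p(File.join(root, "shared", "config"))
    deploy(root, "1")
    # The question's approach: key placed by hand in current/config.
    File.write(File.join(root, "current", KEY), "constructed-key")
    deploy(root, "2")
    lost = !File.exist?(File.join(root, "current", KEY))
    # The answer's approach: key lives in shared/ and is a linked file.
    shared_key = File.join(root, "shared", KEY)
    File.write(shared_key, "constructed-key")
    File.chmod(0o600, shared_key)
    2.times { |i| deploy(root, (3 + i).to_s, linked_files: [KEY]) }
    kept = File.read(File.join(root, "current", KEY)) == "constructed-key"
    { lost_without_link: lost, kept_with_link: kept, problems: key_problems(root) }
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

Pointing `key_problems` at the real deploy root on the server before running cap staging deploy catches a missing or group/world-readable key before deploy:migrating fails.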