ruby-on-rails credentials ruby-on-rails-6

How to deal with merge conflicts in rails ENCRYPTED credential files


With Rails 6 (or 5.2) encrypted credentials, I am running into difficulty managing and resolving merge conflicts in the credentials.yml.enc file. As is outlined in the documentation, the intention is that encrypted credentials can be added to source control (https://guides.rubyonrails.org/security.html#custom-credentials).

E.g. branch_a adds credentials for service a and gets merged to master. branch_b adds credentials for service b, and when rebasing, the conflict in the credentials.yml.enc file looks something like this:

    <<<<<<< HEAD
    sahdkajshdkajhsdkjahsdkjahsdkajhsdkjahsdkjahdskjahsdjkahsdencryptedstring-a09dpjmcas==
    =======
    laskdjalksjdlakjsdlaksjdlakjsdlaksjdlakjsdlajsdlkajsdlkjasdljalsdajsdencryptedstringrere=
    >>>>>>> branch_b

I can view the unencrypted credentials.yml.enc on each branch and resolve conflicts quite manually, but is there a better way to go about managing credentials generally in order to avoid these credential conflicts?


Solution

  • It is possible. From the rails credentials usage:

    === Set up Git to Diff Credentials
    
    Rails provides `rails credentials:diff --enroll` to instruct Git to call `rails credentials:diff`
    when `git diff` is run on a credentials file.
    
    Running the command enrolls the project such that all credentials files use the
    "rails_credentials" diff driver in .gitattributes.
    
    Additionally since Git requires the driver itself to be set up in a config file
    that isn't tracked Rails automatically ensures it's configured when running
    `credentials:edit`.
    
    Otherwise each co-worker would have to run enable manually, including on each new
    repo clone.
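
The ciphertext on either side of the conflict markers cannot be merged as text, so the merge has to happen on the decrypted YAML from each side. The following is an added example, not code from the original post or from Rails: a key-wise three-way merge that reports conflicts by key path only, so secret values never appear in output. The helper names `merge3` and `merge_credentials` and the sample YAML are constructed for illustration.

```ruby
require "yaml"

# Constructed sample plaintexts, standing in for the decrypted contents of
# credentials.yml.enc at the merge base, on master and on branch_b.
BASE   = "secret_key_base: base-placeholder\n"
OURS   = "secret_key_base: base-placeholder\nservice_a:\n  api_key: a-placeholder\n"
THEIRS = "secret_key_base: base-placeholder\nservice_b:\n  api_key: b-placeholder\n"

MISSING = Object.new.freeze # marks "key absent on this side"

# Three-way merge of nested hashes. Returns [merged_hash, conflict_paths].
# Conflicts are reported by key path only, so secret values never reach logs.
def merge3(base, ours, theirs, path = [])
  merged, conflicts = {}, []
  (ours.keys | theirs.keys | base.keys).each do |key|
    b = base.fetch(key, MISSING)
    o = ours.fetch(key, MISSING)
    t = theirs.fetch(key, MISSING)
    here = path + [key]
    pick =
      if o == t then o                       # both sides agree
      elsif o == b then t                    # only theirs changed
      elsif t == b then o                    # only ours changed
      elsif o.is_a?(Hash) && t.is_a?(Hash)   # both changed a subtree: recurse
        sub, sub_conflicts = merge3(b.is_a?(Hash) ? b : {}, o, t, here)
        conflicts.concat(sub_conflicts)
        sub
      else
        conflicts << here.join(".")          # both changed the same leaf
        o                                    # keep ours pending a human decision
      end
    merged[key] = pick unless pick.equal?(MISSING)
  end
  [merged, conflicts]
end

# Takes the three decrypted YAML documents, returns [merged_yaml, conflict_paths].
def merge_credentials(base_yaml, ours_yaml, theirs_yaml)
  docs = [base_yaml, ours_yaml, theirs_yaml].map { |y| YAML.safe_load(y) || {} }
  merged, conflicts = merge3(*docs)
  [YAML.dump(merged), conflicts]
end

if $PROGRAM_NAME == __FILE__
  yaml, conflicts = merge_credentials(BASE, OURS, THEIRS)
  puts yaml
  warn "conflicting keys: #{conflicts.join(', ')}" unless conflicts.empty?
end
```

The merged plaintext is what goes back into the file through `credentials:edit`, which re-encrypts it; any key path listed as a conflict needs a human decision first.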