This blog is part of our Rails 7 series.
Rails stores secrets in config/credentials.yml.enc, which is encrypted and cannot be edited directly. You can read more about credentials management here: Rails security guide.
Rails 7 allows access to nested encrypted secrets (credentials) by method calls. We can easily access the nested secrets present in the credentials YAML file like we've accessed top-level secrets previously:
1# config/credentials.yml.enc 2 3secret_key_base: "47327396e32dc8ac825760bb31f079225c5c0" 4aws: 5 access_key_id: "A6AMOGVNQKCWLNQ" 6 secret_access_key: "jfm6b9530tPu/h8v93W4TkUJN+b/ZMKkG"
1=> Rails.application.credentials.aws 2=> {:access_key_id=>"A6AMOGVNQKCWLNQ", :secret_access_key=>"jfm6b9530tPu/h8v93W4TkUJN+b/ZMKkG"}
Before Rails 7
1=> Rails.application.credentials.aws[:access_key_id] 2=> "A6AMOGVNQKCWLNQ" 3 4=> Rails.application.credentials.aws.access_key_id 5=> NoMethodError (undefined method `access_key_id' for #<Hash:0x00007fb1adb0cca8>)
After Rails 7
1=> Rails.application.credentials.aws.access_key_id 2=> "A6AMOGVNQKCWLNQ"
Check out this pull request for more details.