Rails 5.2 and Rails 6 introduced the idea of rails credentials:edit which allowed you to create encrypted credentials that stored things like API keys with commands like this:
rails credentials:edit --environment development
What this does is create a file in config/credentials and edit and then (theoretically) save it, in an encrypted state.
I was recently using this on a Rails 6 application and I found that no matter what I did my credentials did not save. A colleague of mine traced this to an issue with the $EDITOR variable I had set via this Stack Overflow post:
I had this problem in rails 5.2.0 using textmate as the editor. It turns out the credentials file must be closed after save in order for the changes to persist.
My $EDITOR variable was set to:
echo $EDITOR /usr/local/bin/mate
The solution was actually simple – specify the editor before you run the command (and use VI as the editor) so:
EDITOR=vi rails credentials:edit --environment development
And bada bing, bada boom – my credentials were actually saved.