Credentials

Jumpstart Pro uses Rails 6's new environment credentials to separate out credentials for each environment into its own encrypted file.

Environment Credentials

Rails 6 introduced "environment credentials" which we strongly encourage using.

You can share the keys for each environment with only the users / environments that need to know them, which improves the security of your credentials. This also helps make sure you don't accidentally use development keys in production or vice versa.

rails credentials:edit --environment=development
rails credentials:edit --environment=staging
rails credentials:edit --environment=production

Organization

When you create your credentials file for the first time, the contents will look like this to make adding your API keys really easy.

# Used as the base secret for all MessageVerifiers in Rails, including the one protecting cookies.
secret_key_base: a630828ec5d34e7c6289974406480291e50feb94b51669d44c343393bf75780b1f18cd5a8d8b1013bd510a0a6e95d5ac369caa78da4036b2334938dae711c66a

# aws:
#   access_key_id: 123
#   secret_access_key: 345

# Jumpstart config
# ----------------
# Here you can define global credentials which will be available for all environments.
# You can override for an environment by nesting them under the environment keys
# For example:
#
# stripe_key: 'xxx'
# production:
#   stripe_key: 'yyy'
#
# This will use 'yyy' in production, but 'xxx' in any other environment.

# Used for encrypting OAuth access tokens
access_token_encryption_key: '00yVyzT9Iv1sH72n2hsA5/SI/7KVWcniTZHjOipG7h4='

# Login Providers via OmniAuth
# ---------------
omniauth:
  # Add other OmniAuth providers here

  facebook:
    # https://developers.facebook.com/apps/
    public_key: ''
    private_key: ''

  google_oauth2:
    # https://code.google.com/apis/console/
    public_key: ''
    private_key: ''

  github:
    # https://github.com/settings/developers
    public_key: ''
    private_key: ''

  twitter:
    # https://apps.twitter.com
    public_key: ''
    private_key: ''

# Mail Providers
# --------------

mailjet:
  # https://app.mailjet.com/account/setup
  username: ''
  password: ''
  domain: ''

mailgun:
  # https://app.mailgun.com/app/sending/domains/<YOUR_MAILGUN_DOMAIN>/credentials
  username: ''
  password: ''

mandrill:
  # https://mandrillapp.com/settings/index
  username: ''
  password: ''
  domain: ''

postmark:
  # https://account.postmarkapp.com/servers -> Server -> Credentials
  username: ''
  password: ''

sendgrid:
  # https://app.sendgrid.com/settings/api_keys
  username: 'apikey'
  password: ''
  domain: example.com

sendinblue:
  # https://account.sendinblue.com/advanced/api
  username: ''
  password: ''

ses:
  # https://console.aws.amazon.com/ses/home
  username: ''
  password: ''
  address: ''

sparkpost:
  # https://app.sparkpost.com/account/api-keys
  username: 'SMTP_Injection'
  password: ''

### Payment Providers

# Braintree Payments (Required for PayPal support)
# https://braintreegateway.com
# https://sandbox.braintreegateway.com
# Webhooks should be pointed to https://domain.com/webhooks/braintree
braintree:
  environment: ''
  public_key: ''
  private_key: ''
  merchant_id: ''

# Stripe Payments
# https://dashboard.stripe.com/account/apikeys
stripe:
  public_key: ''
  private_key: ''

  # For processing Stripe webhooks
  # https://dashboard.stripe.com/account/webhooks
  # Webhooks should be pointed to https://domain.com/webhooks/stripe
  signing_secret: ''

###  Integrations

airbrake:
  # https://airbrake.io
  project_id: ''
  project_key: ''

appsignal:
  # https://appsignal.com App -> App Settings -> Push & deploy -> Push key
  api_key: ''

convertkit:
  # https://app.convertkit.com/account/edit#account_info
  api_key: ''
  api_secret: ''

drip:
  # https://www.getdrip.com/user/edit
  api_key: ''
  account_id: ''

honeybadger:
  # https://www.honeybadger.io/
  api_key: ''

intercom:
  # https://intercom.io
  # You can find this at Settings > Installation > Web
  app_id: ''

  # Optional, used for Identity Verification
  # You can find this at Settings > Installation > Security > Enforce identity on web
  api_secret: ''

mailchimp:
  # https://mailchimp.com/
  api_key: ''

scout:
  # https://scoutapm.com/
  api_key: ''

sentry:
  # https://sentry.io
  dsn: ''

skylight:
  # https://skylight.io
  auth_token: ''

rollbar:
  # https://rollbar.com/
  access_token: ''

Deploying To Staging / Production

Simply add your staging.key or production.key to your deployment environment variables as RAILS_MASTER_KEY. This will let Rails decrypt your credentials in staging or production.