Rails Master Key

Description
General
- Documentation: https://guides.rubyonrails.org/security.html#custom-credentials
- Summary: Ruby on Rails is a web framework written in Ruby. By default, Rails encrypts secrets before storing them in a credentials.yml.enc file. This file contains at least the secret_key_base of the application, which is used to encrypt cookies, as well as any other secret useful to the application, such as API keys. To encrypt the credentials.yml.enc file, Rails uses a key stored in a master.key file. This detector focuses on catching this master key.

Revoke the secret
If it does not exist yet, the master.key file is created when the credentials file is edited with the command bin/rails credentials:edit. This is a good way to generate a new master key.

Check for suspicious activity
Rails secret key base master key

Details for
Family: PrivateKey
Category: Private key
High recall: False
Validity check available: False
Minimum number of matches: 1
Occurrences found for one million commits: 7.7
Prefixed: False
PreValidators:
- type: FilenameWhitelistPreValidator
  whitelist_extensions: []
  whitelist_filenames: []
  whitelist_filepaths:
    - ^(.*/|)config/credentials/[^/]*(?<!test)(?<!dev)(?<!development)\.key$
    - ^(.*/|)master.key$

Examples
- text: 127038aa5eb2406d6a8cdf2c3de55341
  secret_key: 127038aa5eb2406d6a8cdf2c3de55341
- text: 127038aa5eb2406d6a8cdf2c3de55341
  secret_key: 127038aa5eb2406d6a8cdf2c3de55341
  # Skip this one because we can't detect it with ggshield
  skip_sample_secrets: true
- text: 243438AE2EF6007F6A8BAB5D8BB54326
  secret_key: 243438AE2EF6007F6A8BAB5D8BB54326
  # Skip this one because we can't detect it with ggshield
  skip_sample_secrets: true
- text: 243438AE2EF6007F6A8BAB5D8BB54326
  secret_key: 243438AE2EF6007F6A8BAB5D8BB54326
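
How the filepath patterns in the PreValidators block select files, shown as an added example that is not GitGuardian's or ggshield's own code: it applies the page's two patterns to a constructed file tree, then checks the content against a 32-hex-character shape. That shape is an assumption inferred from the examples above, and the function and variable names are hypothetical.

```python
import re

# Filepath patterns copied verbatim from the PreValidators block on this page.
WHITELIST_FILEPATHS = [
    re.compile(r"^(.*/|)config/credentials/[^/]*(?<!test)(?<!dev)(?<!development)\.key$"),
    re.compile(r"^(.*/|)master.key$"),
]

# Assumption: 32 hex characters in either case, inferred from the examples on
# this page. The detector's real content pattern is not shown there.
KEY_SHAPE = re.compile(r"^[0-9a-fA-F]{32}$")


def path_is_candidate(path):
    """True when the path passes the filepath whitelist."""
    return any(p.search(path) for p in WHITELIST_FILEPATHS)


def scan(files):
    """Return sorted paths whose location and content both look like a master key."""
    return sorted(
        path for path, content in files.items()
        if path_is_candidate(path) and KEY_SHAPE.match(content.strip())
    )


# Constructed sample tree; the key values are the example strings from this page.
KEY_A = "127038aa5eb2406d6a8cdf2c3de55341"
KEY_B = "243438AE2EF6007F6A8BAB5D8BB54326"
SAMPLE_FILES = {
    "config/master.key": KEY_A + "\n",
    "apps/api/config/credentials/production.key": KEY_B,
    "config/credentials/test.key": KEY_A,         # excluded by (?<!test)
    "config/credentials/development.key": KEY_A,  # excluded by (?<!development)
    "config/credentials/loadtest.key": KEY_B,     # also excluded: lookbehind is a suffix check
    "config/credentials.yml.enc": "constructed-ciphertext--iv--tag",
    "vendor/master.key": "placeholder, not a key\n",  # right path, wrong content
}

if __name__ == "__main__":
    for hit in scan(SAMPLE_FILES):
        print("possible committed Rails master key:", hit)
```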