Rails Master Key

Description

General

• Documentation: https://guides.rubyonrails.org/security.html#custom-credentials
• Summary: Ruby on Rails is a web framework written in Ruby. By default, Rails encrypt secrets before storing them in a credentials.yml.enc file. This file contains at least the secret_key_base of the application that is used to encrypt cookies as well as any other secret useful to the application such as API keys. To encrypt the credentials.yml.enc file, Rails uses a key stored in a master.key file. This detector focuses on catching this master key.

Revoke the secret

If it does not exist yet, the master.key file is created when the credentials file is edited with the command bin/rails credentials:edit. This is a good way to generate a new master key.

Check for suspicious activity

Details for Rails secret key base master key

• Family: PrivateKey

• Category: Private key

• High recall: False

• Validity check available: False

• Minimum number of matches: 1

• Occurrences found for one million commits: 7.7

• Prefixed: False

• PreValidators:

- type: FilenameWhitelistPreValidator
  whitelist_extensions: []
  whitelist_filenames: []
  whitelist_filepaths:
    - ^(.*/|)config/credentials/[^/]*(?<!test)(?<!dev)(?<!development)\.key$
    - ^(.*/|)master.key$

Examples

- text: 127038aa5eb2406d6a8cdf2c3de55341
  secret_key: 127038aa5eb2406d6a8cdf2c3de55341

- text: 127038aa5eb2406d6a8cdf2c3de55341
  secret_key: 127038aa5eb2406d6a8cdf2c3de55341
  # Skip this one because we can't detect it with ggshield
  skip_sample_secrets: true

- text: 243438AE2EF6007F6A8BAB5D8BB54326
  secret_key: 243438AE2EF6007F6A8BAB5D8BB54326
  # Skip this one because we can't detect it with ggshield
  skip_sample_secrets: true

- text: 243438AE2EF6007F6A8BAB5D8BB54326
  secret_key: 243438AE2EF6007F6A8BAB5D8BB54326

Was this page helpful?