Rails / Unicorn error: Unable to read secret_key_base and secret_token from "config/secrets.yml"

I am using the following versions: Unicorn 4.9, Rails 4.2.1, Ruby 2.2.1, Nginx 1.4.6, Capistrano 3.4.0

When I deploy my application to a production server and try to get to one of its pages, I see an error in the unicorn.log file: "app error: Missing `secret_token` and `secret_key_base` for 'production' environment, set these values in `config/secrets.yml` (RuntimeError)"

I was reading tons of Unicorn problem posts and reading ENV variables, so I included these "missing" keys as constant values in config/secrets.yml:

production:
  secret_key_base: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  secret_token: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

      

But I still get the same error message, so maybe these are not unicorn + ENV variables. Can you guess what's going on here?

Edit: backtrace for this error

E, [2015-05-11T16:06:55.297893 #26836] ERROR -- : app error: Missing `secret_token` and `secret_key_base` for 'production' environment, set these values in `config/secrets.yml` (RuntimeError)
E, [2015-05-11T16:06:55.298352 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/railties-4.2.1/lib/rails/application.rb:534:in `validate_secret_key_config!'
E, [2015-05-11T16:06:55.298592 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/railties-4.2.1/lib/rails/application.rb:246:in `env_config'
E, [2015-05-11T16:06:55.298839 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/railties-4.2.1/lib/rails/engine.rb:514:in `call'
E, [2015-05-11T16:06:55.299089 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/railties-4.2.1/lib/rails/application.rb:164:in `call'
E, [2015-05-11T16:06:55.299313 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/rack-1.6.0/lib/rack/tempfile_reaper.rb:15:in `call'
E, [2015-05-11T16:06:55.299550 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/rack-1.6.0/lib/rack/commonlogger.rb:33:in `call'
E, [2015-05-11T16:06:55.299778 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/rack-1.6.0/lib/rack/chunked.rb:54:in `call'
E, [2015-05-11T16:06:55.300011 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/rack-1.6.0/lib/rack/content_length.rb:15:in `call'
E, [2015-05-11T16:06:55.300255 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/unicorn-4.9.0/lib/unicorn/http_server.rb:580:in `process_client'
E, [2015-05-11T16:06:55.300490 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/unicorn-4.9.0/lib/unicorn/http_server.rb:674:in `worker_loop'
E, [2015-05-11T16:06:55.300722 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/unicorn-4.9.0/lib/unicorn/http_server.rb:529:in `spawn_missing_workers'
E, [2015-05-11T16:06:55.300955 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/unicorn-4.9.0/lib/unicorn/http_server.rb:540:in `maintain_worker_count'
E, [2015-05-11T16:06:55.301197 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/unicorn-4.9.0/lib/unicorn/http_server.rb:294:in `join'
E, [2015-05-11T16:06:55.301506 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/unicorn-4.9.0/bin/unicorn:126:in `<top (required)>'
E, [2015-05-11T16:06:55.301746 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/bin/unicorn:23:in `load'
E, [2015-05-11T16:06:55.301962 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/bin/unicorn:23:in `<main>'

      

I noticed that it goes to a directory named ruby/2.2.0 even though ruby -v shows ruby 2.2.1p85. Does it make sense?

+3


2 answers


It is not recommended to have your actual secret keys in your secrets.yml file.

So, drop this to a more secure version using environment variables.

secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
etc.

Then add these two lines to your Unicorn environment config file /etc/default/unicorn:

# Application specific settings
export SECRET_KEY=XXXXXXXXXXXXXXXXXXXXXXXXX
export SECRET_KEY_BASE=XXXXXXXXXXXXXXXXXXXXXXXXXX

      

Kill and restart Unicorn processes to load these environment variables.

0
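A pre-deploy check for the ERB form suggested in the answer above, added here as an example and not taken from the post or from Rails itself: it renders secrets.yml through ERB and then YAML and reports whether secret_key_base ends up blank (the condition behind the RuntimeError in the question), written literally in the file, or injected from the process environment. The function names, the sample files and the three status labels are assumptions made for this example.

```ruby
require "erb"
require "yaml"

# Constructed sample files (not the asker's real config).
ERB_SECRETS = <<~YML
  production:
    secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
YML
LITERAL_SECRETS = <<~YML
  production:
    secret_key_base: 0123456789abcdef0123456789abcdef
YML

# Run a block with a replaced process environment, then restore the original.
def with_env(vars)
  saved = ENV.to_hash
  ENV.replace(vars)
  yield
ensure
  ENV.replace(saved)
end

# Classify one secret for one environment (labels are this example's own):
#   :missing   - blank after ERB rendering, or the environment section is absent
#   :hardcoded - the value is written literally in the file
#   :from_env  - the value was injected by ERB from the process environment
def secret_status(raw, environment, key = "secret_key_base")
  rendered = ERB.new(raw).result
  section  = (YAML.safe_load(rendered) || {})[environment] || {}
  value    = section[key].to_s.strip
  return :missing if value.empty?
  raw.include?(value) ? :hardcoded : :from_env
end

# Optional CLI use: ruby check_secrets.rb config/secrets.yml
if ARGV[0] && File.exist?(ARGV[0])
  env = ENV["RAILS_ENV"] || "production"
  puts "#{ARGV[0]} [#{env}] secret_key_base: #{secret_status(File.read(ARGV[0]), env)}"
end
```

Run it as the same user and with the same environment file that starts Unicorn; a :missing result there means the variable never reached the worker processes.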



When deploying applications, security should be the number one priority. I know it's tricky, but security shouldn't be something you implement afterwards.

I wrote a guide to help people install rails app safely using capistrano.

Setup: Nginx + unicorn + zero downtime

Steps:



It uses dotenv-rails to export environment variables, and with the comment above you can safely use environment variables in your application where needed.

Hope it helps.

-3

