Hi Alberto,

Thanks for your response. What I meant is that if someone else gets my private key then he would be able to decrypt the credentials file.

I was suggesting that there should be a rake task or something like that which uses the current master.key and generates a new master.key. That way we can change our master.key whenever required.

Please let me know your thoughts on it.

On Thursday, April 26, 2018 at 7:29:08 PM UTC+5:30, Alberto Almagro wrote:
>
> Hi Pradeep,
>
> from my point of view, in case the master.key gets compromised, as you
> say, you still know it and can access your credentials. In this case, you
> would always be able to set up credentials again.
>
> I think you meant "in case you forget the master.key". The problem that
> comes to my mind is that you can't easily have a mechanism to restore it
> without opening a security hole, which is what this feature wants to avoid.
> Did you already come up with an idea to handle this?
>
> Kind regards,
> Alberto Almagro
>
> On Thursday, April 26, 2018, 8:41:21 (UTC+2), Pradeep Agrawal wrote:
>>
>> There should be a functionality by which we can change master.key just
>> like we change our password by providing current password and new password.
>> Similarly, we should be able to change master.key by using the current
>> master.key, and it should generate a new master.key and encrypt the current
>> credentials with the newly created master.key.
>>
>> I think this would be a required feature as we are going to use Rails
>> encrypted credentials, and once our master.key gets compromised we don't
>> have a way to change it.
>>
>> I created an issue for the same over here. You can refer to this for more
>> details.
>>
>> Issue of the same <https://github.com/rails/rails/issues/32718>
>>
>> Please let me know your thoughts on this.
>>
>

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group.
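The rotation requested in this thread, as an added Ruby example that is not part of the original messages or of Rails itself: it decrypts with the current key and re-encrypts under a fresh one. The `seal`, `unseal` and `rotate` helpers and the sample secret are constructed here, and the AES-128-GCM `data--iv--tag` Base64 layout is an assumption modelled on Rails encrypted credentials, not a replacement for Rails tooling.

```ruby
require "openssl"
require "base64"
require "securerandom"

CIPHER = "aes-128-gcm" # assumed cipher; 16-byte key stored as 32 hex chars

# Encrypt bytes under a hex key; returns "data--iv--tag", each part Base64.
def seal(plaintext, hex_key)
  cipher = OpenSSL::Cipher.new(CIPHER).encrypt
  cipher.key = [hex_key].pack("H*")
  iv = cipher.random_iv
  cipher.auth_data = ""
  data = cipher.update(plaintext) + cipher.final
  [data, iv, cipher.auth_tag].map { |part| Base64.strict_encode64(part) }.join("--")
end

# Decrypt and authenticate. A wrong key or a modified blob raises
# OpenSSL::Cipher::CipherError instead of returning garbage.
def unseal(blob, hex_key)
  parts = blob.split("--", -1)
  raise ArgumentError, "malformed blob" unless parts.size == 3
  data, iv, tag = parts.map { |part| Base64.strict_decode64(part) }
  raise ArgumentError, "bad auth tag length" unless tag.bytesize == 16
  cipher = OpenSSL::Cipher.new(CIPHER).decrypt
  cipher.key = [hex_key].pack("H*")
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = ""
  cipher.update(data) + cipher.final
end

# Rotate: decrypting proves possession of the current key; the plaintext is
# then re-encrypted under a fresh random key. Returns [new_blob, new_hex_key].
def rotate(blob, current_hex_key)
  plaintext = unseal(blob, current_hex_key)
  new_hex_key = SecureRandom.hex(16)
  new_blob = seal(plaintext, new_hex_key)
  # Verify the round trip before the caller discards the old key and file.
  raise "re-encryption check failed" unless unseal(new_blob, new_hex_key) == plaintext
  [new_blob, new_hex_key]
end

if __FILE__ == $PROGRAM_NAME
  old_key = SecureRandom.hex(16)                               # constructed key
  blob = seal("api_token: constructed-sample-value", old_key) # constructed secret
  new_blob, new_key = rotate(blob, old_key)
  puts unseal(new_blob, new_key)
end
```

Re-encrypting only protects the file from this point on: anyone holding the old key can still decrypt earlier copies of it, for example from version control, so the secrets stored inside need to be reissued as well.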