Rails "Missing `secret_key_base` for 'production' environment" in CI
Rails needs a secret_key_base to boot the production environment (for signing cookies and message verifiers). In CI, a production-mode task fails because neither SECRET_KEY_BASE nor decryptable credentials are available.
What this error means
A production-mode step (assets, a release check) fails with "Missing secret_key_base for 'production' environment, set this string with bin/rails credentials:edit".
ArgumentError: Missing `secret_key_base` for 'production' environment, set this
string with `bin/rails credentials:edit`Common causes
No SECRET_KEY_BASE in the environment
Production reads SECRET_KEY_BASE from the environment or credentials; in CI neither is provided, so boot aborts.
Credentials cannot be decrypted without the master key
The value lives in config/credentials.yml.enc, but RAILS_MASTER_KEY is not set in CI, so Rails cannot read it.
How to fix it
Provide SECRET_KEY_BASE for CI production tasks
A throwaway value is fine for tasks like asset precompilation that only need boot to succeed.
env:
RAILS_ENV: production
SECRET_KEY_BASE: ${{ secrets.SECRET_KEY_BASE }}Or supply the master key for credentials
Set RAILS_MASTER_KEY from a secret so Rails can decrypt the stored secret_key_base.
env:
RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}How to prevent it
- Store SECRET_KEY_BASE or RAILS_MASTER_KEY as a CI secret.
- Avoid running unnecessary production-mode tasks in CI.
- Use SECRET_KEY_BASE_DUMMY where only boot, not real secrets, is needed.