Mind Dump, Tech And Life Blog
written by Ivan Alenko
published under license CC4-BY
posted at 24. Jan '22
last updated at 28. Oct '24

How to Fix OpenSSL::Cipher::CipherError on Ruby on Rails 7 / Rails 8

I upgraded the CMS of myrtana, oni_sorceress, to Rails 7 by generating a new application and moving the files over, but the deploy failed with the error shown below.

EDIT: the same thing happened when upgrading from Rails 7.2 to Rails 8 RC1.

What to do:

  • in the old version, run EDITOR=vim bin/rails credentials:edit and copy the contents over to a temporary file
  • in the new version, remove master.key and credentials.yml.enc
  • run EDITOR=vim bin/rails credentials:edit to create a new master.key and credentials.yml.enc
  • paste the contents from the temporary file
  • copy master.key if you need to

Error:

tasks: TOP => deploy:assets:precompile
(See full trace by running task with --trace)
The deploy has failed with an error: Exception while executing as myrtana_sk@myrtana.sk: rake exit status: 1
rake stdout: Nothing written
rake stderr: rake aborted!
ActiveSupport::MessageEncryptor::InvalidMessage: ActiveSupport::MessageEncryptor::InvalidMessage
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.1/lib/active_support/message_encryptor.rb:208:in `rescue in _decrypt'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.1/lib/active_support/message_encryptor.rb:185:in `_decrypt'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.1/lib/active_support/message_encryptor.rb:159:in `decrypt_and_verify'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.1/lib/active_support/messages/rotator.rb:22:in `decrypt_and_verify'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.1/lib/active_support/encrypted_file.rb:92:in `decrypt'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.1/lib/active_support/encrypted_file.rb:54:in `read'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.1/lib/active_support/encrypted_configuration.rb:21:in `read'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.1/lib/active_support/encrypted_configuration.rb:33:in `config'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.1/lib/active_support/encrypted_configuration.rb:48:in `options'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.1/lib/active_support/core_ext/module/delegation.rb:303:in `method_missing'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/activerecord-7.0.1/lib/active_record/railtie.rb:342:in `block in <class:Railtie>'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/railties-7.0.1/lib/rails/initializable.rb:32:in `instance_exec'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/railties-7.0.1/lib/rails/initializable.rb:32:in `run'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/railties-7.0.1/lib/rails/initializable.rb:61:in `block in run_initializers'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/railties-7.0.1/lib/rails/initializable.rb:60:in `run_initializers'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/railties-7.0.1/lib/rails/application.rb:372:in `initialize!'
/home/myrtana_sk/releases/20220124223022/config/environment.rb:5:in `<top (required)>'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/zeitwerk-2.5.3/lib/zeitwerk/kernel.rb:35:in `require'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/zeitwerk-2.5.3/lib/zeitwerk/kernel.rb:35:in `require'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/railties-7.0.1/lib/rails/application.rb:348:in `require_environment!'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/railties-7.0.1/lib/rails/application.rb:510:in `block in run_tasks_blocks'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/sprockets-rails-3.4.2/lib/sprockets/rails/task.rb:61:in `block (2 levels) in define'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/rake-13.0.6/exe/rake:27:in `<top (required)>'
/home/myrtana_sk/.rbenv/versions/3.1.0/bin/bundle:25:in `load'
/home/myrtana_sk/.rbenv/versions/3.1.0/bin/bundle:25:in `<main>'

Caused by:
OpenSSL::Cipher::CipherError: 
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.1/lib/active_support/message_encryptor.rb:203:in `final'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.1/lib/active_support/message_encryptor.rb:203:in `_decrypt'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.1/lib/active_support/message_encryptor.rb:159:in `decrypt_and_verify'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.1/lib/active_support/messages/rotator.rb:22:in `decrypt_and_verify'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.1/lib/active_support/encrypted_file.rb:92:in `decrypt'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.1/lib/active_support/encrypted_file.rb:54:in `read'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.1/lib/active_support/encrypted_configuration.rb:21:in `read'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.1/lib/active_support/encrypted_configuration.rb:33:in `config'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.1/lib/active_support/encrypted_configuration.rb:48:in `options'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/activesupport-7.0.1/lib/active_support/core_ext/module/delegation.rb:303:in `method_missing'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/activerecord-7.0.1/lib/active_record/railtie.rb:342:in `block in <class:Railtie>'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/railties-7.0.1/lib/rails/initializable.rb:32:in `instance_exec'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/railties-7.0.1/lib/rails/initializable.rb:32:in `run'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/railties-7.0.1/lib/rails/initializable.rb:61:in `block in run_initializers'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/railties-7.0.1/lib/rails/initializable.rb:60:in `run_initializers'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/railties-7.0.1/lib/rails/application.rb:372:in `initialize!'
/home/myrtana_sk/releases/20220124223022/config/environment.rb:5:in `<top (required)>'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/zeitwerk-2.5.3/lib/zeitwerk/kernel.rb:35:in `require'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/zeitwerk-2.5.3/lib/zeitwerk/kernel.rb:35:in `require'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/railties-7.0.1/lib/rails/application.rb:348:in `require_environment!'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/railties-7.0.1/lib/rails/application.rb:510:in `block in run_tasks_blocks'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/sprockets-rails-3.4.2/lib/sprockets/rails/task.rb:61:in `block (2 levels) in define'
/home/myrtana_sk/shared/bundle/ruby/3.1.0/gems/rake-13.0.6/exe/rake:27:in `<top (required)>'
/home/myrtana_sk/.rbenv/versions/3.1.0/bin/bundle:25:in `load'
/home/myrtana_sk/.rbenv/versions/3.1.0/bin/bundle:25:in `<main>'
Tasks: TOP => environment
(See full trace by running task with --trace)

It sucks that the OpenSSL cipher object is hard to inspect, but I debugged MessageEncryptor instead. I didn’t really find out exactly what the hell is going on, but in the end I knew. I was using an old master.key file; I'm not sure exactly which cipher it is for, but it originates from the Rails 4 or 5 era.

The solution? Remove credentials.yml.enc and master.key, generate new ones (EDITOR=vim bin/rails credentials:edit), copy the data over (or keep them if they are not really used other than for the session) and copy the new master.key to the server (for Capistrano, shared/config/master.key).

Now the deploy should work.
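
A pre-deploy check for the failure in the trace above, as an added example that is not part of the original post: under an authenticated cipher, cipher.final raising OpenSSL::Cipher::CipherError means the auth tag did not verify, which is what a master.key that does not belong to the credentials.yml.enc produces. It assumes the default aes-128-gcm layout (base64 ciphertext, IV and auth tag joined by "--", key of 32 hex characters); seal, check_credentials and the sample keys are constructed for illustration.

```ruby
require "openssl"

CIPHER = "aes-128-gcm" # assumed default cipher of credentials.yml.enc

# Demo helper (constructed): builds a blob in the assumed layout
# base64(ciphertext)--base64(iv)--base64(auth_tag).
def seal(plaintext, hex_key)
  cipher = OpenSSL::Cipher.new(CIPHER).encrypt
  cipher.key = [hex_key].pack("H*")
  iv = cipher.random_iv
  cipher.auth_data = ""
  data = cipher.update(Marshal.dump(plaintext)) + cipher.final
  [data, iv, cipher.auth_tag].map { |part| [part].pack("m0") }.join("--")
end

# Returns :ok, :bad_key (not 32 hex characters), :malformed or :auth_failed
# without deserializing or printing any secret.
def check_credentials(blob, hex_key)
  hex_key = hex_key.strip
  return :bad_key unless hex_key.match?(/\A\h{32}\z/)

  parts = blob.strip.split("--")
  return :malformed unless parts.size == 3
  data, iv, tag = parts.map { |part| part.unpack1("m0") }

  cipher = OpenSSL::Cipher.new(CIPHER).decrypt
  cipher.key = [hex_key].pack("H*")
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = ""
  cipher.update(data)
  cipher.final # raises OpenSSL::Cipher::CipherError if the tag does not verify
  :ok
rescue ArgumentError
  :malformed
rescue OpenSSL::Cipher::CipherError
  :auth_failed
end

# Constructed sample keys and contents, not real secrets.
OLD_KEY = "00112233445566778899aabbccddeeff"
NEW_KEY = "ffeeddccbbaa99887766554433221100"
SAMPLE  = seal("secret_key_base: constructed-demo-value\n", NEW_KEY)

puts "new key: #{check_credentials(SAMPLE, NEW_KEY)}" # new key: ok
puts "old key: #{check_credentials(SAMPLE, OLD_KEY)}" # old key: auth_failed
```

To check a real release before deploying, pass the contents of config/credentials.yml.enc and of the master.key that will sit on the server (for Capistrano, shared/config/master.key) to check_credentials.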

Comments (1)

Ricardo
Posted: 2023-02-23 06:48:59 UTC / Approved: 2024-07-30 21:43:54 UTC
Tried this, but didn't work :(