DEPRECATION WARNING: Rails.application.secrets is deprecated in favor of Rails.application.credentials Rails 7.1 and Devise
DEPRECATION WARNING: Rails.application.secrets is deprecated in favor of Rails.application.credentialsI recently upgraded to Rails 7.1 for my project, kidcarekit (a daycare management Saas) and upon running my tests, discovered a dreaded DEPRECATION WARNING. Well, at least we caught it before 7.2 was released!
Being relatively new to rails, I wasn't immediately clear how to update my project to use the new Rails.application.credentials instead of secrets. My application.rb file looked like this, and the error pointed at Bundler.require(*Rails.groups)
require_relative "boot"
require "rails/all"
# Require the gems listed in Gemfile, including any gems
# you've limited to :test, :development, or :production.
Bundler.require(*Rails.groups)
module Kidcarekit
... After some digging it looks like this was due to the Devise gem having a SecretKeyFinder that looked like this:
# frozen_string_literal: true
module Devise
class SecretKeyFinder
def initialize(application)
@application = application
end
def find
if @application.respond_to?(:credentials) && key_exists?(@application.credentials)
@application.credentials.secret_key_base
elsif @application.respond_to?(:secrets) && key_exists?(@application.secrets)
@application.secrets.secret_key_base
elsif @application.config.respond_to?(:secret_key_base) && key_exists?(@application.config)
@application.config.secret_key_base
elsif @application.respond_to?(:secret_key_base) && key_exists?(@application)
@application.secret_key_base
end
end
private
def key_exists?(object)
object.secret_key_base.present?
end
end
end
The FIX - I am able to mitigate the warning by implementing a Devise-specific secret key in devise.rb, but I'd like to keep it using the secret_key_base. So, in light of Rails 7.1 just being release yesterday, I've decided to wait for Devise to catch up!