Devise: Devise.secret_key was not set

As the message says:

Please add the following to your Devise initializer:

config.secret_key = '-- secret key --'

Also, I strongly recommend to not use Devise master for now. It is highly unstable.

@josevalim Shouldn't rails generate devise:install create the devise initializer?

It does, we generate for new applications. If you are upgrading, you need to add it.

@josevalim It gives that error with a new app also.

You are right, thanks. the issue has been fixed on master.

I am having the same issue. Was this ever resolved?

Sample problem here - and when trying to fix it by adding "config.secret_key = '{secretkey}' I get error "undefined method 'secret_key='/
Any idea what I've got wrong?

I figured it out. I went to my routes.rb file and commented out the line devise_for :installs

Then I went back and reran rails generate devise:install. If that doesn't work, use the previous version of devise by editing your Gemfile's reference to Devise like this: gem 'devise', '3.0.3' and then follow the steps i mentioned above.

hope it helps!

Same for me. I tried the above, it fails.
Added devise.rb to /initializers, config.secret_key = 'safadfstgferster5tg, etc' Now error on restarting the server :
Rails_projects/My_App/config/initializers/devise.rb:3:in <top (required)>': undefined local variable or methodconfig' for main:Object (NameError)
gem 'devise', '3.0.3' did not fix the problem
Now I cannot drop the table _devise_create_install.rb. :SQLException: no such table.
Very puzzling!

@arelem3 what do you mean you added devise.rb to initializers? If you don't have this file in your initializers lib you should run Devise generator that will generate it for you: rails g devise:install

@marfo thanks, worked for me

@Dorian Rails 4.1 will come with a better way to handle tokens, we will migrate to such approach once Rails 4.1 is out.

On 09/08/2013 09:50 PM, Vasiliy Ermolovich wrote:

@arelem3 https://github.com/arelem3 what do you mean you added
|devise.rb| to initializers? If you don't have this file in your
initializers lib you should run Devise generator that will generate it
for you: |rails g devise:install|

—
Reply to this email directly or view it on GitHub
https://github.com/plataformatec/devise/issues/2554#issuecomment-24019574.

Thanks Vasiliy
Ok here's where I'm at!
I installed devise and cancan gems in my home version of the live app.
Following instructions for devise I found that the devise:install did
not generate the devise.rb file so I created it, also it would not
create the user.. it was then that I asked the above question.
The app had so many errors I deleted it and git cloned a fresh version.
This time devise:install created all the files.
Looking thru the logs I think I did devise :install in the first
instance and not devise:install. Trap for the unwary.

3 immediate problems.
First, devise created a /registrations folder in /devise, my app already
has a full working registrations system.
Second devise creates users. I already had a user system set up from
following Agile 4 and Ryan Bate's tuts, this is useless for devise.
Third, I have a sessions controller from the above tuts and devise sets
up sessions, conflict again.

Deleted the app and cloned again.
This time devise did it's thing and 'rails g devise member' worked.
All good but now devise is looking for registrations on sign_up --
http://localhost:3000/registrations/member produces error: No route
matches [POST] "/registrations/member
I think it is looking in my /registrations and not devise/registration.

Unless there is some way of setting things in routes, I'm thinking I'll
have to rewrite the app from scratch after installing devise and cancan
and not use those conflicting names.
Funny, All I wanted to do was stop everyone except the owners from
viewing show, index, new.

I have no idea how to resolve this
Roger

I solve my initializer problem with this ugly approach:

config.secret_key = 'some1234keyq23' if Rails.env == 'production'

in config/initializers/devise.rb
It now works in production as well as in development !

@yasinishyn I'm getting the same error. I don't understand what secret key it is I'm supposed to put in though? Where do I find this key?

@holgersindbaek put in config/initializers/devise.rb:

config.secret_key = 'd84134f28f412ca83539652b09f9f98eff96c9aa7c6c792d959416d5aa368a409362ec6e2ac90af0be62395ae3925f760d7f956fe4efba4eb11f0696956a8f5f'

Use rake secret to generate one.

@JuanitoFatas That is some sort of secret key, but what purpose does it have, since it's not really secret?

In previous versions, Devise stored the tokens for confirmation, reset password and unlock directly in the database. This meant that somebody with read access to the database could use such tokens to sign in as someone else by, for example, resetting their password.

In Devise 3.1, we store an encrypted token in the database and the actual token is sent only via e-mail to the user. This means that:

Devise now requires a config.secret_key configuration. As soon as you boot your application under Devise 3.1, you will get an error with information about how to proceed;

Read full article here.

You can use SettingsLogic to put this secret_key in config/application.yml and add config/application.yml to .gitignore. Remember to create a config/application.example.yml.

I hope this helps.

I've tried all of the above, none of them work if you are using Rails 4, Devise 3.0.3 is there any other way to solve this problem. I am somewhat new to all of this but this hangup has curbed development for three straight days - would love a known solution.

@JuanitoFatas Can you go into more detail about SettingsLogic? Did it work? I can't tell if you are offering a known solution or something you think would fix the problem. Thanks!

@ChrisDaltas Hi. I use SettingsLogic and devise 3.1 in one of my projects and it works.

In my Rails 4 app which i am adding Devise to , it seems adding the line to config/initilizers/devise.rb don't fix it, instead i get "undefined local variable or method config' for main:Object (NameError)" Then i tried adding Devise.config but i got "undefined methodconfig' for Devise:Module (NoMethodError)"!!

@nimir JuanitoFatas's suggestions above should work, here is my config/initilizers/devise.rb snapshot:

  Devise.setup do |config|
    config.secret_key = '{secret_key}'
    ...
  end

where secret_key is using rake secret to generate. I am using Rails 4.0 and latest devise and it works for me.

+1 to @marfo's approach. Fixed for me.

thank you @marfo, worked for me

Marfo, thanks a ton! That did help. I didn't have devise_for :installs, but commented out to > devise_for :users. I did run into some other stuff (regarding some bin issues in 4.0.0) but "bundle exec >same command as usual<" saved the day.

I was running into undefined methodsecret_key=' for Devise:Modulebut none of the above approaches worked for me. Instead I re-installed the devise gem, deletedconfig/initializers/devise.rband ranrails g devise:install`. This fixed the issue.

i try what you said @ignition25...
I have rails-4.0.0 and install the last devise.
but not work.
maybe i'm not understand.... when you write "re-installed the devise gem"... did you just "gem install devise" directly or do something other before ?
did you install something more before (like SettingsLogic) ?

Because for me... this not works: same error.

thanks for help

@jerome2: Try gem uninstall devise choose all versions then follow the instructions from my previous post.

"choose all version"... what did you want i do ? I not understand: install all versions ? devise version i installed is 3.1.1. I uninstalled it, installed (gem) again, and delete devise.rb and run "rails g devise:install" (not work).

I'm sorry to not understand, to be sure, could you please give me a protocole (like 1: gem uninstall devise / 2: gem install devise(?version?), etc...

1: gem uninstall devise =====> (no more devise installed... all has been deleted)
2: gem install devise =====> (version devise-3.1.1 has been installed...
also, i see some files has been changed 8 hours before on git server history)
3: delete the /config/initializers/devise.rb
4: rails g devise:install =====> raise_no_secret_key': Devise.secret_key was not set. Please add .... 5: create again the lake file with config.secret_key as asked... (exact copy/paste) 6: rails g devise:install =====> ERROR: undefined local variable or methodconfig' for main:Object

????

@jerome2, I think you are getting a different error than I was. Sorry I don't have more information, hopefully someone will post on this thread who does.

ok sorry, i thank that you were on same rails 4.0.0 version framework, that's why i asked.
No problem, i hope this will be fix on devise for rails 4 or someone who has same framework will find solution and show it.

Here's a slightly more 12-factor config friendly approach until https://github.com/plataformatec/devise/issues/2554#issuecomment-24108992 is done

  if Rails.env.development? or Rails.env.test?
      config.secret_key = ('x' * 128)
  else
      config.secret_key = ENV['DEVISE_SECRET_KEY']
  end

https://github.com/timabell/symbol-library/blob/master/config/initializers/devise.rb#L10

The ENV variable needs to be available at build time (took ages to figure this out) so if you are on heroku you'll need user-env-compile - https://devcenter.heroku.com/articles/labs-user-env-compile

@timabell Thank you for that link. I was having trouble pushing a Rails 4 app to Heroku and that add-on solved the problem.

Why is this still not working? I can be wrong, though in my case it works only in development (i assume it takes secret_key_base) but in production i'm getting error about secret key not being set.

Is there anything special to do to make it work on production too?

So still no proper solution besides some hacks? I remember there was a task generate_secrets for Capistraion 2 floating around. It did it job pretty well. So why not provide something similliar by default? (And yes i know how i come up with my own solution, but i hate to not have a proper way of doing it).

to generate secret key, run command

_bundle exec rake secret_

and then copy secret key from console log to devise.rb, which would be something like

config.secret_key = '4fce3c1c860216b8......'