Using mix phx.gen.secret question

colincullen · October 13, 2020, 6:46pm

I expected ‘mix phx.gen.secret’ to generate a secret as the lone output. Many example of its usage are to set the environment variable for use in deployments, e.g.:

export SECRET_KEY_BASE=mix phx.gen.secret

When I use perform this command, what I get when I inspect SECRET_KEY_BASE is:

'__________________________________
| => echo ${SECRET_KEY_BASE}

_build apps config deps elixir_buildpack.config junk mix.exs mix.lock package-lock.json phoenix_static_buildpack.config rel runtime.log Running mix loadconfig (inside Rumbl.Umbrella.MixProject) _build apps config deps elixir_buildpack.config junk mix.exs mix.lock package-lock.json phoenix_static_buildpack.config rel runtime.log Running mix deps.loadpaths (inside Rumbl.Umbrella.MixProject) _build apps config deps elixir_buildpack.config junk mix.exs mix.lock package-lock.json phoenix_static_buildpack.config rel runtime.log Running mix phx.gen.secret (inside Rumbl.Umbrella.MixProject) Fl1p1XPidhd0W28PP3ZyFtP/7R6PD2Hnr/7aMCDCSHbBMfcDED3lkRo1cjgqjfS4
’
where the secret is the last part, the preceding part is mix output. I thought that mix phx.gen.secret would output only the actual secret by itself. So I am a little confused on how performing an export on the environment variable SECRET_KEY_BASE make sense in all the examples I have seen so far. I could use some much appreciated direction here. I feel like I am missing something. Best.

I also notice if I just execute:
‘mix phx.gen.secret’
on the command line then the output will be different but will also contain some mix output before the actual generated secret.

’
| => mix phx.gen.secret

** Running mix loadconfig (inside Rumbl.Umbrella.MixProject)

** Running mix deps.loadpaths (inside Rumbl.Umbrella.MixProject)

** Running mix phx.gen.secret (inside Rumbl.Umbrella.MixProject)

sImmy3MXXmQcACHgoUivw0+5PLpoR9vMfHSUSAi9kv3Plh4fdNnYVhSCbdRLfKCa
’

chulkilee · October 14, 2020, 3:50am

Seems like MIX_DEBUG=1 is set - see https://hexdocs.pm/mix/Mix.html#module-environment-variables for the list of env variables mix uses.

However, mix still may print out other messages (like compiling message), so using the output as-is is not a good idea.

The actual secret generation is pretty simple and it does not use any dependencies, so you can just run elixir code. Note that it does include some new lines, so you may use tr or sed to remove them as needed.

elixir -e ":crypto.strong_rand_bytes(32) |> Base.encode64() |> binary_part(0, 32) |> IO.puts()"

Source:

github.com

phoenixframework/phoenix/blob/v1.5.6/lib/mix/tasks/phx.gen.secret.ex#L28


  def run([_|_]), do: invalid_args!()

  defp parse!(int) do
    case Integer.parse(int) do
      {int, ""} -> int
      _ -> invalid_args!()
    end
  end

  defp random_string(length) when length > 31 do
    :crypto.strong_rand_bytes(length) |> Base.encode64 |> binary_part(0, length)
  end
  defp random_string(_), do: Mix.raise "The secret should be at least 32 characters long"

  @spec invalid_args!() :: no_return()
  defp invalid_args! do
    Mix.raise "mix phx.gen.secret expects a length as integer or no argument at all"
  end
end

Also note that changing the value would break existing cookie/session, so you should keep it somewhere and pass it - either using the above snippet or mix phx.gen.secret or any other tools.

Tip: use markdown to format your output - like ```

colincullen · October 14, 2020, 4:06pm

Thank you chulkilee! I had set MIX_DEBUG=1 in .bash_profile a while back and forgot about it.

mix phx.gen.secret now works like I expected. Thanks for the lesson on how it is generated also.

| => mix phx.gen.secret

KMtNJ/pHZfrpCU8lVJk4XhpkQUbZOzXCYpj2Ri1ERSLB/zn64RaAA6/mzPcySYtX

Best!