Useful Kamal Command Lines
Last Updated On: 2025-09-01 04:31:51 -0400
I’ve moved into Rails 8 as of 2025 after about 3 years from doing, well, fsck all in the tech world. Or as you might say “I’m back Baby! I’m back!!!”
Long time readers – not that there are any left in this Social Media ruled world where blogs are literal data dinosaurs that roam the earth moaning “where are my readers” will remember that deploy has always been my Rails Vietnam. I’ve been using Kamal for Rails 8 deployment and I have a relationship with it that ranges from:
- love hate
- hate hate
- HATE HATE HATE
- FSCK YOU DHH
Its been an interesting journey. I would contend that Rails 8 including Kamal shipped too damn early and isn’t really finished but who am I to say.
As always with anything deploy, I did a lot of this in parallel with my favorite pairing partner, the incredible Nick Janetakis. Nick is a world known Docker expert and a superb consultant. Thank you Nick.
Key Thing to Understand
Recently I had a real *censored of a time making two rails apps deploy using kamal. The problem seemed to be that Rails 8 defaults to using environment variables for LOCAL DEVELOPMENT if they are set EVEN WHEN THE CREDENTIALS FILES ON DISK ARE CORRECT.
Rails can be an asshole.
Before you do any local development, I strongly recommend that you:
unset RAILS_MASTER_KEY
unset SECRET_KEY_BASE
bin/rails credentials:show
Note: If you see nil in the output of bin/rails credentials:show that just means that the enviroment variable wasn’t set.
Key Commands for Credentials and Kamal
Compare master key locally versus server side
Dev:
cat config/master.key
Server:
kamal app exec -i "cat config/master.key"
Note: Doesn’t work despite what ChatGPT and Claude hallucinate:
NOPE: kamal app exec -i "echo $RAILS_MASTER_KEY"
Compare Credentials Files Locally versus Server Side
Dev:
cat config/credentials.yml.enc
Server:
kamal app exec -i "cat config/credentials.yml.enc"
Show Credentials Locally versus Server Side
Dev:
bin/rails credentials:show
Server:
kamal app exec -i "bin/rails credentials:show"
Log in Server Side
kamal app exec -i bash
Compare master.key dev and production
Dev:
cat config/master.key
Server:
kamal app exec -i bash
echo $RAILS_MASTER_KEY
How to Setup and Deploy
kamal setup
kamal build push
kamal deploy
kamal proxy reboot
Location of Secrets on Server Side
NOTE: status is the name of your app as defined in deploy.yml
cat ~/.kamal/apps/status/env/roles/web.env
Check Env Vars
kamal app exec -i bash
echo $RAILS_MASTER_KEY
echo $SECRET_KEY_BASE
How to Create a Rails Master Key & Create a Rails Secret Tied to Master Key
Note: This is OSX specific (the reference to pbcopy)
Dev:
rm config/master.key
rm config/credentials.yml.enc
rails secret | head -c 32 > config/master.key
cat config/master.key | pbcopy
RAILS_MASTER_KEY=(Paste in here) EDITOR=nano rails credentials:edit
bin/rails credentials:show
NOTE: Rails Master Keys must be 32 characters long; any longer or shorter and it will not work
How to Check Stored Secrets on the Server
Note: not real keys below.
Server:
cat .kamal/apps/pollitifyhub/env/roles/web.env
RAILS_MASTER_KEY=some_value_here
DATABASE_URL=postgres://username:passwork@host.docker.internal/pollitify_hub_production
SECRET_KEY_BASE=a_big_ass_value_here
RAILS_SERVE_STATIC_FILES=true
HONEYBADGER_API_KEY=a_value_here
Files You Have to Edit for Deployment:
config/database.yml
.kamal/secrets
config/deploy.yml
Dockerfile
config/production.rb
.env.production
Gemfile
config/honeybadger.yml
Please note that .env.production is my personal way of handling secrets. Yes Kamal has a secrets facility but I don’t like to be tied to paid services like 1 password. My assumption is that my personal machine is secure and I can put a copy of these values into a local password safe rather than paying a recurring fee to a password service.