Rails Encrypted Credentials Use AES 128-bit Key


Rails 5.2 introduces Credentials which replaces Secrets and Encrypted Secrets from previous Rails versions. I have previously written about Credentials for those of you wanting to know more.

The key used to encrypt credentials, called the Rails master key, is automatically generated when you create a new Rails app or when you run bin/rails credentials:edit. If you like to create a new key, you can run

bin/rails runner "puts ActiveSupport::EncryptedFile.generate_key"

A sample output is 3c134fbe372d70b309852d98874661b2. This is a hex with a length of 32. Why is the length 32? Let's find out.

For the Credentials feature, Rails uses the encryption cipher aes-128-gcm. AES is Advanced Encryption Standard. 128 is the number of bits of the key. GCM is Galois Counter Mode.

The Rails master key is in hexadecimal. Two of these make up a byte so our key is 16 bytes or 128 bits.

Put another way, each hex is 4 bits since it can have 16 values. 4 bits for each of the 32 is 128.

Looking at the Rails source code, ActiveSupport::EncryptedFile.generate_key calls


The key length of the cipher aes-128-gcm is 16 (in bytes). This number is taken from OpenSSL.

 => 16 

The SecureRandom.hex code above is equivalent to


The unpack method called with H* transforms the 16 bytes from random_bytes to a hex with length of 32.

Whey did Rails choose 128 bits? Is it secure?

Key lengths can be confusing because you encounter different numbers and recommendations. For example, when creating an SSH RSA key, you need to use at least a 2048-bit key. This is way larger than 128 bits.

AES is a symmetric cipher. You can't compare it with RSA, an asymmetric cipher. AES supports only 3 key lengths - 128, 192, and 256. Choosing a larger key isn't always a good idea because of performance reasons. In the case of AES, 128 is secure enough. It will take several decades to break an AES 128-bit key in the absence of quantum computers.

It is interesting to note that key lengths for symmetric ciphers only matters if a brute-force attack is the best-known attack. If an analytical attack exists, a large keyspace does not help at all. In the case of AES, no such attack exists and that's why it's the currently most used symmetric cipher today.

Free Ebook: PaaS Is Dead

Platform as a Service (PaaS) is experiencing a digital transformation, and despite what some may argue, it’s far from dead. Learn why PaaS continues to prove it has a promising future for DevOps.

Download Ebook
PaaS Is Dead

Related posts

Do we still need RVM Gemsets?

April 2, 2018

RVM or Ruby Version Manager allows you to install and manage Ruby environments. Similar tools

Read More

Top 5 reasons Not to miss Rails Conf

March 30, 2018

Every year, there is a gathering of developers, looking toward the future of a framework that

Read More

Memcached Security aka Don't Attack GitHub 

March 7, 2018

GitHub recently experienced the largest attack we've seen to date. At the peak, they received

Read More

Christopher Rigor

Christopher Rigor is a Senior Technical Evangelist at Engine Yard. He’s a long time Rails user, system administrator, and recently became a contributor of RailsInstaller. Previously, he was the DevOps Support Manager for Asia-Pacific at Engine Yard.
Find me on:


Subscribe Here!