Rails Encrypted Credentials Use AES 128-bit Key


Rails 5.2 introduces Credentials which replaces Secrets and Encrypted Secrets from previous Rails versions. I have previously written about Credentials for those of you wanting to know more.

The key used to encrypt credentials, called the Rails master key, is generated automatically when you create a new Rails app or when you run bin/rails credentials:edit. If you'd like to generate a new key yourself, you can run

bin/rails runner "puts ActiveSupport::EncryptedFile.generate_key"

A sample output is 3c134fbe372d70b309852d98874661b2. This is a hex string of length 32. Why is the length 32? Let's find out.

For the Credentials feature, Rails uses the encryption cipher aes-128-gcm. AES stands for Advanced Encryption Standard. 128 is the length of the key in bits. GCM is Galois/Counter Mode.

The Rails master key is written in hexadecimal. Two hex digits make up one byte, so our 32-digit key is 16 bytes, or 128 bits.

Put another way, each hex digit is 4 bits since it can take 16 values. 4 bits for each of the 32 digits is 128 bits.

Looking at the Rails source code, ActiveSupport::EncryptedFile.generate_key calls


The key length of the cipher aes-128-gcm is 16 (in bytes). This number is taken from OpenSSL.

 => 16 

The SecureRandom.hex code above is equivalent to


The unpack method called with H* transforms the 16 bytes from random_bytes into a hex string of length 32.
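To make the arithmetic above concrete, here is an added example (not code from the Rails source or from the original post) that reproduces the key generation in plain Ruby: it asks OpenSSL for the key length of aes-128-gcm, generates a 32-character hex key both ways described above, and then uses that key to encrypt and decrypt with aes-128-gcm. The helper names (key_len_bytes, generate_key, and so on) are assumptions of this example, not Rails APIs. It also shows two checks a practitioner would want: OpenSSL rejects a key of the wrong length outright, and GCM's authentication tag causes decryption to fail if the ciphertext is modified.

```ruby
require "openssl"
require "securerandom"

# The cipher Rails uses for encrypted credentials.
CIPHER = "aes-128-gcm"

# Key length in bytes, as reported by OpenSSL for the cipher (16 for aes-128-gcm).
def key_len_bytes(cipher = CIPHER)
  OpenSSL::Cipher.new(cipher).key_len
end

# Same shape as the generator described above: SecureRandom.hex(16) -> 32 hex chars.
def generate_key(cipher = CIPHER)
  SecureRandom.hex(key_len_bytes(cipher))
end

# The equivalent spelled out: 16 random bytes, then unpack("H*") into hex.
def generate_key_via_unpack(cipher = CIPHER)
  SecureRandom.random_bytes(key_len_bytes(cipher)).unpack("H*").first
end

# Decode the hex key back into the raw bytes the cipher actually consumes.
def key_bytes(hex_key)
  [hex_key].pack("H*")
end

# 32 hex digits -> 16 bytes -> 128 bits.
def key_bits(hex_key)
  key_bytes(hex_key).bytesize * 8
end

# Encrypt with aes-128-gcm. Returns the IV, ciphertext and authentication tag.
def encrypt(hex_key, plaintext)
  cipher = OpenSSL::Cipher.new(CIPHER)
  cipher.encrypt
  cipher.key = key_bytes(hex_key) # raises ArgumentError unless exactly 16 bytes
  iv = cipher.random_iv
  cipher.auth_data = ""
  ciphertext = cipher.update(plaintext) + cipher.final
  { iv: iv, ciphertext: ciphertext, tag: cipher.auth_tag }
end

# Decrypt and verify the tag; raises OpenSSL::Cipher::CipherError on tampering.
def decrypt(hex_key, iv:, ciphertext:, tag:)
  cipher = OpenSSL::Cipher.new(CIPHER)
  cipher.decrypt
  cipher.key = key_bytes(hex_key)
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = ""
  cipher.update(ciphertext) + cipher.final
end

# True if OpenSSL refuses a key whose length does not match the cipher.
def wrong_length_key_rejected?(hex_key)
  encrypt(hex_key, "x")
  false
rescue ArgumentError
  true
end

# True if flipping one bit of the ciphertext makes decryption fail (GCM tag check).
def tamper_detected?(hex_key, plaintext)
  enc = encrypt(hex_key, plaintext)
  flipped = enc[:ciphertext].dup
  flipped.setbyte(0, flipped.getbyte(0) ^ 0x01)
  decrypt(hex_key, iv: enc[:iv], ciphertext: flipped, tag: enc[:tag])
  false
rescue OpenSSL::Cipher::CipherError
  true
end

if __FILE__ == $PROGRAM_NAME
  key = generate_key
  puts "key: #{key} (#{key.length} hex digits, #{key_bits(key)} bits)"
  enc = encrypt(key, "secret_key_base: constructed-sample-value")
  puts "round trip: #{decrypt(key, **enc)}"
  puts "8-byte key rejected: #{wrong_length_key_rejected?('deadbeefdeadbeef')}"
  puts "tamper detected: #{tamper_detected?(key, 'hello')}"
end
```

The wrong-length check is the practical reason the master key must be exactly 32 hex digits: OpenSSL refuses to set a 16-byte cipher's key to anything else, so a truncated or padded key fails before any data is encrypted rather than silently weakening the cipher.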

Why did Rails choose 128 bits? Is it secure?

Key lengths can be confusing because you encounter different numbers and recommendations. For example, when creating an SSH RSA key, you need to use at least a 2048-bit key. This is way larger than 128 bits.

AES is a symmetric cipher, so its key length can't be compared with that of RSA, an asymmetric cipher. AES supports only 3 key lengths: 128, 192, and 256 bits. Choosing a larger key isn't always a good idea, for performance reasons. In the case of AES, 128 bits is secure enough. It will take several decades to break an AES 128-bit key in the absence of quantum computers.

It is interesting to note that the key length of a symmetric cipher only matters if a brute-force attack is the best-known attack. If an analytical attack exists, a large keyspace does not help at all. In the case of AES, no such attack exists, and that's why it is currently the most widely used symmetric cipher.

Ruby for Rails, Security