CipherStash Documentation

Creating deployment credentials

In order for your Rails application to interact with ActiveStash without the need for a user to authenticate, you will need a CipherStash access key.

CipherStash access keys enable your client to programmatically access the CipherStash data service.

This means that any client that has access to this key is authorised to access your data in CipherStash.

The information below will guide you through how to create, list and revoke keys.

Create an access key

  1. In your Rails app with ActiveStash installed, log in to the workspace you are using for your deployment.
rake active_stash:login['add your workspace id here']
  1. Run the below rake command, specifying a name for your access key.

In this example, the access key name is prod.

rake active_stash:access_key:create[prod]

The output will display the access key.

The access key looks similar to the below.

It is made up of a key id and a secret, CSAKaccessKeyId.accessKeySecret.


This is the only time the entire key, including the secret, will be displayed, so make sure to copy the key.

If you do happen to forget to copy the key over, you can always generate a new key, and revoke the previously generated key via the key name.

It is recommended to rotate your access keys regularly. You can do this by generating a new access key, updating your configuration with the new access key, and revoking the old one.

See below on how to list and revoke keys.

List Access keys

To list the access keys for a workspace run:

rake active_stash:access_key:list

Which will output something that looks like this:

| Key Name    | Key ID           | Created At              | Last Used At            |
| prod        | AAABBBCCCDDDJJJ  | 2022-01-01 11:05:46 UTC |                         |

Revoke Access key

To revoke an access key use the below command using the key name you specified for the key.

active_stash:access_key:delete['name of access key to revoke']

You will receive the below confirmation that the key has been revoked.

Key 'access key name' deleted

Next up we will go through the steps to configure your application for deployment.