You can start with https://blog.saeloun.com/2019/10/10/rails-6-adds-support-for-multi-environment-credentials.html

and https://github.com/rails/rails/issues/30006

For test and development env, you can simply remove the master.key and you will find that rails s works well. You can run rails console, then run Rails.application.credentials.config to see that the value.

But if you have a wrong master.key there and run rails s, you will get an error.

But if you removed master.key, you will find that rails s -e production doesn’t work.

If you have the correct value of master.key, you can run EDITOR=vim rails credentials:edit to edit it.

If you don’t have the correct value of master.key, when you run EDITOR=vim rails credentials:edit, it will generate a new master.key for you but unfortunately that master.key is a wrong one. This is reasonable because it makes the credentials.yml.enc unable to be decrypt unless you have already got a correct master.key.

So you can remove the credentials.yml.enc and master.key and run EDITOR=vim rails credentials:edit to generate a new pair. But before you do that, you should remove master.key and run rails console, then run Rails.application.credentials.config to understand what values you need to set when running EDITOR=vim rails credentials:edit.

All the Rails instance in production env should have the same credentials.yml.enc and master.key.

So you should keep credentials.yml.enc in your sources code.