For `production` environment look first for `config/credentials/production.yml.enc` file that can be decrypted by
`ENV["RAILS_MASTER_KEY"]` or `config/credentials/production.key` master key.
Edit given environment credentials file by command `rails credentials:edit --environment production`.
Default behavior can be overwritten by setting `config.credentials.content_path` and `config.credentials.key_path`.
As discussed in #33203 rails command already looks for, and runs,
bin/rails if it is present.
We were mixing recommendations within guides and USAGE guidelines,
in some files we recommended using rails, in others bin/rails and
in some cases we even had both options mixed together.
For gitignore generated by `rails new`, key with a leading slash is specified.
69f976b859/railties/lib/rails/generators/rails/app/templates/gitignore (L11)
Therefore, when executing `credentials:edit`, also need leading slack.
In order to avoid such a difference, fixed to use same method for
`rails new` and `credentials:edit`.