key_derivation_salt is not configured.
GMolini opened this issue · 1 comment
GMolini commented
I'm trying to use this gem to encrypt data. I've put the following line into my application.rb:
config.active_record.encryption.key_provider = ActiveKms::AwsKeyProvider.new(key_id: Figaro.env.KMS_KEY_ID)
But when I try saving my model I get the following error:
/home/.rbenv/versions/3.1.2/lib/ruby/gems/3.1.0/gems/activerecord-7.0.2.4/lib/active_record/encryption/scheme.rb:85:in `validate_credential':
key_derivation_salt is not configured. Please configure it via credential active_record_encryption.key_derivation_salt or by setting config.active_record.encryption.key_derivation_salt (ActiveRecord::Encryption::Errors::Configuration)
Previously I had this in my application.rb file:
config.active_record.encryption.primary_key = Rails.application.credentials[:active_record_encryption][:primary_key]
config.active_record.encryption.deterministic_key = Rails.application.credentials[:active_record_encryption][:deterministic_key]
config.active_record.encryption.key_derivation_salt = Rails.application.credentials[:active_record_encryption][:key_derivation_salt]
but I removed it, as I assumed I wouldn't need it if the Active Record encryption uses the KMS key. Is there something I'm missing? Do I still need the default configuration?
ankane commented
Hey @GMolini, unfortunately, the configuration is currently required even though it's not used. This should be addressed in Rails 7.1: rails/rails#42385.