How to provide Thin with the Rails master.key?

[clickworkorange]

Thin dies in production because the www-data user has no access to the config/master.key (well, duh):

2024-01-23 19:46:20 +0000 Writing PID to tmp/pids/thin.0.pid
2024-01-23 19:46:20 +0000 Changing process privilege to www-data:www-data
2024-01-23 19:46:20 +0000 Using rack adapter
2024-01-23 19:46:27 +0000 Exiting!
/var/www/clickworkorange/vendor/bundle/ruby/3.1.0/gems/activesupport-7.1.2/lib/active_support/encrypted_file.rb:122:in `binread': Permission denied @ rb_sysopen - /var/www/clickworkorange/config/master.key (Errno::EACCES)

I have tried feeding Thin the key via the RAILS_MASTER_KEY environment variable:

RAILS_MASTER_KEY=`cat config/master.key` thin start -C config/thin_production.yml

But this doesn't seem to make the slightest difference. Extensive trawling has failed to turn up anything relevant, which makes me think it must be something simple - but what?

[clickworkorange]

Since I launch Thin through an init.d script (which runs as root) I was able to get this to work by loading the master.key before invoking Thin and prepending the environment variable. Minimal example:

MASTER_KEY=`cat config/master.key` 
RAILS_MASTER_KEY=$MASTER_KEY thin -C /path/to/my/config.yml

Not sure why this didn't work from the command line.