
Rails 6 secret_key_base vs secret_token

This might be a naive question, but I am new to Ruby and appreciate any guidance. I am working on upgrading my app to use Rails 6.

My secret_token.rb currently has

MyApp::Application.config.secret_token = ENV['SECRET_TOKEN'] || SecureRandom.hex(128)

https://edgeguides.rubyonrails.org/upgrading_ruby_on_rails.html#config-secrets-yml says "Use your existing secret_key_base from the secret_token.rb initializer to set the SECRET_KEY_BASE environment variable for whichever users running the Rails application in production."

I do not see secret_key_base being set anywhere. Is config.secret_key_base just a renamed version of config.secret_token? Can I just set ENV['SECRET_TOKEN'] in the secrets.yml file like this:

production:
   secret_key_base: ENV['SECRET_TOKEN']

Your secrets.yml file will no longer be valid in Rails 6. Instead, you will have an encrypted credentials file.

You can create the file with rails credentials:edit. You will see an error message with a suggested command based on your editing software. Cut and paste the suggestion.

Here you will store all your keys/tokens/etc.

You access them with Rails.application.credentials.secret_token or Rails.application.credentials.aws[:secret_access_token]

Based on your comments above, it sounds like you need to change config.secret_token to config.secret_key_base, and set this equal to your secret_key_base variable like this:

YourApp::Application.config.secret_key_base = Rails.application.credentials.dig(Rails.env.to_sym, :secret_key_base)

This assumes your credentials.yml.enc file is set up like this:

production:
  secret_key_base: a;sodkfjas;odkjfa;sodkjf

development:
  secret_key_base: pqweiurwoeiurwopeiruowu

aws:
  secret_access_token: mncMXncXMnc>KMXnc>KNc
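
An added example (not from the question, the answer, or Rails itself) showing why the secret has to be one stable value per environment: plain Ruby that resolves it fail-closed from ENV or the credentials layout shown above, derives a signing key from it, and compares that with a per-boot random fallback. The helper names, salt, iteration count and 32-character minimum are assumptions chosen for illustration.

```ruby
require "openssl"
require "securerandom"

# Hypothetical helper: prefer ENV["SECRET_KEY_BASE"], then the per-environment
# credentials entry. Raises instead of falling back to a random value.
def resolve_secret_key_base(env_vars, credentials, rails_env)
  secret = env_vars["SECRET_KEY_BASE"] || credentials.dig(rails_env.to_sym, :secret_key_base)
  raise ArgumentError, "secret_key_base missing for #{rails_env}" if secret.nil? || secret.strip.empty?
  raise ArgumentError, "secret_key_base too short" if secret.length < 32 # illustrative minimum
  secret
end

# PBKDF2 derivation of a purpose-specific key (salt and iterations are illustrative).
def derive_key(secret_key_base, salt, length = 32)
  OpenSSL::PKCS5.pbkdf2_hmac(secret_key_base, salt, 1000, length, OpenSSL::Digest.new("SHA256"))
end

# Constant-time comparison so MAC checks do not leak where the mismatch is.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def sign(payload, key)
  "#{payload}--#{OpenSSL::HMAC.hexdigest('SHA256', key, payload)}"
end

def verify(cookie, key)
  payload, sep, mac = cookie.rpartition("--")
  return nil if sep.empty?
  secure_equal?(mac, OpenSSL::HMAC.hexdigest("SHA256", key, payload)) ? payload : nil
end

# Constructed sample values, not real secrets.
SAMPLE_SECRET = "0123456789abcdef" * 4
CREDS = { production: { secret_key_base: SAMPLE_SECRET } }.freeze

def demo
  stable  = resolve_secret_key_base({}, CREDS, "production")
  key_a   = derive_key(stable, "signed cookie")   # worker 1
  key_b   = derive_key(stable, "signed cookie")   # worker 2, same secret
  key_rnd = derive_key(SecureRandom.hex(128), "signed cookie") # random fallback on another boot
  cookie  = sign("user_id=42", key_a)
  { same_secret: verify(cookie, key_b), random_fallback: verify(cookie, key_rnd) }
end

p demo if $PROGRAM_NAME == __FILE__
```

A cookie signed under the stable secret verifies in any process that shares it, while a process that booted with a random fallback rejects it, which is why a missing secret is better treated as a startup error.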
