Posted over 6 years ago. Visible to the public.

Rails session secret should not be in a public repository.

You can move the rails session secret to an environment variable by modifying config/initializers/secret_token.rb like this:

Copy
MyApp::Application.config.secret_token = ENV['RAILS_SESSION_SECRET']

Given that you have the pwgen utility installed you can start your rails server in your development environment this way:

Copy
% RAILS_SESSION_SECRET=`pwgen -cns 128` rails server

Owner of this card:

Avatar
jan0sch
Last edit:
over 6 years ago
Posted by jan0sch to jan0sch's deck
This website uses cookies to improve usability and analyze traffic.
Accept or learn more