Last Updated: February 25, 2016
·
1.147K
· jan0sch

Rails session secret should not be in a public repository

#rails
#security
#session
#public repository

You can move the rails session secret to an environment variable by modifying config/initializers/secret_token.rb like this:

MyApp::Application.config.secret_token = ENV['RAILS_SESSION_SECRET']

Given that you have the pwgen utility installed you can start your rails server in your development environment this way:

% RAILS_SESSION_SECRET=`pwgen -cns 128` rails server
#rails
#security
#session
#public repository

Written by Jens Grassel

Say Thanks
Respond

Related protips

Rails 4: How to partials & AJAX, dead easy

192.5K
27

Ruby on Rails 4 - Authentication with Facebook and OmniAuth.

100.1K
51

Open a rails form with Twitter Bootstrap modals

87.7K
19

Have a fresh tip? Share with Coderwall community!

Post
Post a tip
Best #Rails Authors
sebastialonso
223.8K
#rails
#CSS
#JavaScript
sergiotapia
141.3K
#rails
#Ruby
#Elixir
jamesdullaghan
90.45K
#rails
#JavaScript
#Ruby
edokun_
87.62K
#rails
#Ruby
#Python
rorykoehler
78.89K
#rails
#Postgres
#Coffeescript
Related Tags
#rails
#security
#session
#public repository
Sponsored by
#native_company#
#native_desc#
#native_cta#
Filed Under
Ruby on Rails Development Tips
Awesome Job
See All Jobs
Post a job for only $299
Thanks to our sponsor
Sponsored by #native_company# — Learn More
#native_title# #native_desc#
#native_cta#