From 11f921b05837bfda6b302c9eee22cde330b57112 Mon Sep 17 00:00:00 2001
From: Devin Howard
Date: Tue, 7 Jun 2016 12:54:52 +0800
Subject: [PATCH] remove secret key from source control - fixme on production. This will expire all cookies, but make our install more secure from hackers who know their way around Github
---
 .example-env | 2 ++
 config/initializers/secret_token.rb | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/.example-env b/.example-env
index f3bace35..c2c9a2e9 100644
--- a/.example-env
+++ b/.example-env
@@ -7,7 +7,9 @@ export DB_NAME='metamap002'
 export REALTIME_SERVER='http://localhost:5001'
 export MAILER_DEFAULT_URL='localhost:3000'
 export DEVISE_MAILER_SENDER='team@metamaps.cc'
+
 export DEVISE_SECRET_KEY='f71c467e526f23d614b3b08866cad4788c502bed869c282f06e73ee6c94675b62fe1f6d52fa7ba8196b33031f0d2f3b67e27ea07693c52ecebccb01700cad614'
+export SECRET_KEY_BASE='267c8a84f63963282f45bc3010eaddf027abfab58fc759d6e239c8005f85ee99d6d01b1ab6394cdee9ca7f8c9213a0cf91d3d8d3350f096123e2caccbcc0924f'
 # # you can safely leave these blank, unless you're deploying an instance, in
 # # which case you'll need to set them up
diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
index 9c1fb05e..83877c08 100644
--- a/config/initializers/secret_token.rb
+++ b/config/initializers/secret_token.rb
@@ -4,4 +4,4 @@
 # If you change this key, all old signed cookies will become invalid!
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
-Metamaps::Application.config.secret_key_base = '267c8a84f63963282f45bc3010eaddf027abfab58fc759d6e239c8005f85ee99d6d01b1ab6394cdee9ca7f8c9213a0cf91d3d8d3350f096123e2caccbcc0924f'
+Metamaps::Application.config.secret_key_base = ENV['SECRET_KEY_BASE']
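Review bot: The added `export SECRET_KEY_BASE=...` line in `.example-env` carries the same literal value that this commit removes from `config/initializers/secret_token.rb`, so the key is still in source control and any install that copies the example file signs its cookies with a publicly known secret. Replace it with a placeholder such as `export SECRET_KEY_BASE='<generate your own with: rake secret>'` so each install has to create its own value. The unchanged `DEVISE_SECRET_KEY` line just above it also holds a literal key and deserves the same treatment. Because the old value stays in git history either way, production needs a freshly generated key rather than this one.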
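Review bot: `ENV['SECRET_KEY_BASE']` on the new assignment line in `config/initializers/secret_token.rb` evaluates to nil when the variable is not exported, so a misconfigured deploy starts without a usable cookie-signing key and the failure only shows up later (how exactly depends on the Rails version, which is not visible here). Use `Metamaps::Application.config.secret_key_base = ENV.fetch('SECRET_KEY_BASE')` so a missing variable raises KeyError at boot instead. The comment block above the assignment still describes an inline key; it would help to add a line such as `# Read from the environment; generate with rake secret and never commit the value.`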