instance method
secret_key_base
Ruby on Rails 7.1.6
Since v5.2.8.1Signature
secret_key_base()
The secret_key_base is used as the input secret to the application’s key generator, which in turn is used to create all ActiveSupport::MessageVerifier and ActiveSupport::MessageEncryptor instances, including the ones that sign and encrypt cookies.
In development and test, this is randomly generated and stored in a temporary file in tmp/local_secret.txt.
You can also set ENV["SECRET_KEY_BASE_DUMMY"] to trigger the use of a randomly generated secret_key_base that’s stored in a temporary file. This is useful when precompiling assets for production as part of a build step that otherwise does not need access to the production secrets.
Dockerfile example: RUN SECRET_KEY_BASE_DUMMY=1 bundle exec rails assets:precompile.
In all other environments, we look for it first in ENV["SECRET_KEY_BASE"], then credentials.secret_key_base, and finally secrets.secret_key_base. For most applications, the correct place to store it is in the encrypted credentials file.
Source
# File railties/lib/rails/application.rb, line 478
def secret_key_base
config.secret_key_base ||=
if ENV["SECRET_KEY_BASE_DUMMY"]
generate_local_secret
else
validate_secret_key_base(
ENV["SECRET_KEY_BASE"] || credentials.secret_key_base || begin
secret_skb = secrets_secret_key_base
if secret_skb && secret_skb.equal?(config.secret_key_base)
config.secret_key_base
elsif secret_skb
Rails.deprecator.warn(<<~MSG.squish)
Your `secret_key_base` is configured in `Rails.application.secrets`,
which is deprecated in favor of `Rails.application.credentials` and
will be removed in Rails 7.2.
MSG
secret_skb
elsif Rails.env.local?
generate_local_secret
end
end
)
end
end
Defined in railties/lib/rails/application.rb line 478
· View on GitHub
· Improve this page
· Find usages on GitHub
Defined in Rails::Application