config/initializers/secret_token.rb not being generated. Why not?

The tutorial you're looking at was likely written for an older version of Rails than you're using.

secret_token.rb existed in Rails 3 and Rails 4.0 apps; it does not exist in Rails 4.1 apps.

It has been replaced in Rails 4.1 by the secrets.yml file:

http://guides.rubyonrails.org/upgrading_ruby_on_rails.html#config-secrets-yml

function not being found in secret_token.rb trying to update RoR from 3.2 to 4.0

According to this post, secret_token.rb has been replaced in Rails 4 with secrets.yml. Also, note that it's located differently as well.

ArgumentError (A secret is required to generate an integrity hash for cookie session data

The message is pretty straightforward. Check in the config/initializers/secret_token.rb file for the config.secret_token setting and configure it if it is not there.

Ruby on Rails 3.2.13 - Brakeman - Session secret should not be included in version control

That particular message in Brakeman was silenced for me when I put secret information into ENV variables, as you mentioned. Personally, I like to use the Figaro gem for this, but I think dotenv is popular as well.

Some other resources that may be of interest to you regarding this are:

  • Code Climate blog entry: Rails Insecure Defaults
  • StackOverflow thread: What should be removed from public source control in Ruby on Rails?

Does Rails 4.2 use secret_token?

The problem you're seeing on Engine Yard is because the secret_key_base environment variable doesn't (yet) exist by default. That's something we're working on. You can put that in place on your own using custom chef; I suggest talking to our support team for more info on that.

As for the actual error you're getting, I just tested a brand new Rails 4.2 app ("rails new foo") to see if it's generating secret_token.rb, which it's not. I think what you need here is to create config/secrets.yml, and that file should look like this:

development:
  secret_key_base: somekey

test:
  secret_key_base: someotherkey

# Do not keep production secrets in the repository,
# instead read values from the environment.
production:
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>

Now, when you see ENV["SECRET_KEY_BASE"], that's where Engine Yard has a bit of a twist - we don't provide that out of the box yet. As long as your repo is private, you can hard-code something in there on your own. Otherwise, using custom chef could get you squared away by creating a secret key base and putting it in the wrapper script responsible for launching your app worker processes (so config/env.custom on our platform, for example).

Hope this helps.
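
A pre-deploy check for the secrets.yml layout described above, added here as an example and not part of any of the answers or of Rails itself. The names audit_secrets, ENV_REF, MIN_LENGTH, FROM_ENV and HARD_CODED are hypothetical, the 30-character minimum is an assumed policy threshold, and both sample files are constructed.

```ruby
require "yaml"

# Matches a value that is only an ERB lookup such as <%= ENV["SECRET_KEY_BASE"] %>.
ENV_REF = /\A<%=\s*ENV\[["'](\w+)["']\]\s*%>\z/
MIN_LENGTH = 30 # assumed policy threshold for this example

# Returns a list of findings for a secrets.yml template. The file is parsed as
# plain YAML and the ERB tags are only pattern-matched, never executed.
# `env` is any Hash-like object (pass ENV to check the real environment).
def audit_secrets(template, env)
  config = YAML.safe_load(template) || {}
  findings = []
  literal_users = Hash.new { |hash, key| hash[key] = [] }

  config.each do |name, settings|
    value = (settings || {})["secret_key_base"].to_s
    if (ref = ENV_REF.match(value))
      actual = env[ref[1]].to_s
      if actual.empty?
        findings << "#{name}: #{ref[1]} is not set in the environment"
      elsif actual.length < MIN_LENGTH
        findings << "#{name}: #{ref[1]} is shorter than #{MIN_LENGTH} characters"
      end
    elsif value.empty?
      findings << "#{name}: secret_key_base is missing"
    else
      findings << "#{name}: secret_key_base is hard-coded in the file" if name == "production"
      literal_users[value] << name
    end
  end

  literal_users.each_value do |names|
    findings << "#{names.join(', ')}: same secret_key_base reused" if names.size > 1
  end
  findings
end

# Constructed sample with the same shape as the secrets.yml in the answer above.
FROM_ENV = <<~'YAML'
  development:
    secret_key_base: somekey
  test:
    secret_key_base: someotherkey
  production:
    secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
YAML

# Constructed sample of the layout to avoid: a literal production key, reused.
HARD_CODED = FROM_ENV.sub(/<%=.*%>/, "somekey")

puts audit_secrets(FROM_ENV, ENV)
```

An empty result means the production key comes from the environment and is long enough; run against HARD_CODED it reports both the literal production key and its reuse in development.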


