config/initializers/secret_token.rb not being generated. Why not?
The tutorial you're looking at was likely written for an older version of Rails than you're using.
secret_token.rb
existed in Rails 3 and Rails 4.0 apps; it does not exist in Rails 4.1 apps.
It has been replaced in Rails 4.1 by the secrets.yml file:
http://guides.rubyonrails.org/upgrading_ruby_on_rails.html#config-secrets-yml
function not being found in secret_token.rb trying to update RoR from 3.2 to 4.0
According to this post, secret_token.rb has been replaced in Rails 4 with secrets.yml. Also, note that it's located differently as well.
ArgumentError (A secret is required to generate an integrity hash for cookie session data
The message is pretty straight forward. Check in the config/initializers/secret_token.rb
file for the config.secret_token
setting and configure it if it is not there.
Ruby on Rails 3.2.13 - Brakeman - Session secret should not be included in version control
That particular message in Brakeman was silenced for me when I put secret information into ENV
variables, as you mentioned. Personally, I like to use the Figaro gem for this, but I think dotenv is popular as well.
Some other resources that may be of interest to you regarding this are:
- Code Climate blog entry: Rails Insecure Defaults blog entry on Code Climate
- StackOverflow thread: What should be removed from public source control in Ruby on Rails?
Does Rails 4.2 use secret_token?
The problem you're seeing on Engine Yard is because the secret_key_base environment variable doesn't (yet) exist by default. That's something we're working on. You can put that in place on your own using custom chef; I suggest talking to our support team for more info on that.
As for the actual error you're getting, I just tested a brand new Rails 4.2 app ("rails new foo") to see if it's generating secret_token.rb, which it's not. I think what you need here is to create config/secrets.yml, and that file should look like this:
development:
secret_key_base: somekey
test:
secret_key_base: someotherkey
# Do not keep production secrets in the repository,
# instead read values from the environment.
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
Now, when you see ENV["SECRET_KEY_BASE"], that's where Engine Yard has a bit of a twist - we don't provide that out of the box yet. As long as your repo is private, you can hard-code something in there on your own. Otherwise, using custom chef could get you squared away by creating a secret key base and putting it in the wrapper script responsible for launching your app worker processes (so config/env.custom on our platform, for example).
Hope this helps.
Related Topics
How to Mark a Cucumber Scenario as Pending
How to Store an Instance Variable Across Multiple Actions in a Controller
How to Install Rails with Jruby
Getting a List of Classes That Include a Module
Why Does Ruby Builder::Xmlmarkup Add Inspect Tag to Xml
Access Current Git Commit Number from Within Heroku App
How to Strip Leading and Trailing Quote from String, in Ruby
Ruby on Linux Pty Goes Away Without Eof, Raises Errno::Eio
Storing Passwords for External APIs - Best Practice
Check to See If an Array Is Already Sorted
Convert Hash Keys to Lowercase -- Ruby Beginner