Method: Rails::Application#secret_key_base

Defined in:: railties/lib/rails/application.rb

#secret_key_base ⇒ `Object`

The secret_key_base is used as the input secret to the application’s key generator, which in turn is used to create all ActiveSupport::MessageVerifier and ActiveSupport::MessageEncryptor instances, including the ones that sign and encrypt cookies.

We look for it first in ENV["SECRET_KEY_BASE"], then in credentials.secret_key_base. For most applications, the correct place to store it is in the encrypted credentials file.

In development and test, if the secret_key_base is still empty, it is randomly generated and stored in a temporary file in tmp/local_secret.txt.

Generating a random secret_key_base and storing it in tmp/local_secret.txt can also be triggered by setting ENV["SECRET_KEY_BASE_DUMMY"]. This is useful when precompiling assets for production as part of a build step that otherwise does not need access to the production secrets.

Dockerfile example: RUN SECRET_KEY_BASE_DUMMY=1 bundle exec rails assets:precompile.



477
478
479

# File 'railties/lib/rails/application.rb', line 477

def secret_key_base
  config.secret_key_base
end

Method: Rails::Application#secret_key_base

#secret_key_base ⇒ Object

#secret_key_base ⇒ `Object`