Does Rails 4.2 use secret_token?

ruby-on-rails ruby-on-rails-4 engineyard
J Plato picture J Plato · Feb 27, 2015 · Viewed 13.6k times · Source

Are both secret_key_base and secret_token needed for production in Rails 4.2? Setting neither causes the following exception message:

Missing secret_token and secret_key_base for 'production' environment, set these values in config/secrets.yml

The 4.2 upgrade guide (http://railsapps.github.io/updating-rails.html) says this:

When you create a new Rails application using the rails new command, a unique secret key is generated and written to the config/initializers/secret_token.rb file.

But no such file was created when I generated my app, and there is no reference to secret_token in config/secrets.yml

I'm assuming that the error message is wrong, and that only secret_key_base is needed. When I run my app in production on my dev machine, it starts with just secret_key_base, but in Engineyard, setting secret_key_base (via an environment variable) isn't working. I still get the error.

Answer

J. Austin Hughey picture J. Austin Hughey · Feb 27, 2015

The problem you're seeing on Engine Yard is because the secret_key_base environment variable doesn't (yet) exist by default. That's something we're working on. You can put that in place on your own using custom chef; I suggest talking to our support team for more info on that.

As for the actual error you're getting, I just tested a brand new Rails 4.2 app ("rails new foo") to see if it's generating secret_token.rb, which it's not. I think what you need here is to create config/secrets.yml, and that file should look like this:

development:
  secret_key_base: somekey

test:
  secret_key_base: someotherkey

# Do not keep production secrets in the repository,
# instead read values from the environment.
production:
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>

Now, when you see ENV["SECRET_KEY_BASE"], that's where Engine Yard has a bit of a twist - we don't provide that out of the box yet. As long as your repo is private, you can hard-code something in there on your own. Otherwise, using custom chef could get you squared away by creating a secret key base and putting it in the wrapper script responsible for launching your app worker processes (so config/env.custom on our platform, for example).

Hope this helps.

Related questions

How to get a random number in Ruby

How do I generate a random number between 0 and n?

Read More
Rails 4: List of available datatypes

Where can I find a list of data types that can be used in Ruby on Rails 4? Such as text string integer float date I keep learning about new ones and I'd love to have a list I could easily …

Read More
Add a reference column migration in Rails 4

A user has many uploads. I want to add a column to the uploads table that references the user. What should the migration look like? Here is what I have. I'm not sure if I should use (1) :user_id, :int …

Read More