Generate secure secret key programmaticaly

dskecse · Mar 3, 2014 · 324d880 · 324d880
1 parent a847754
commit 324d880
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 2 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,5 @@
 .bundle
+.secret
 db/*.sqlite3
 log/*.log
 tmp/

diff --git a/config/app_config.example.yml b/config/app_config.example.yml
@@ -1,7 +1,6 @@
 common: &common
   host: 'localhost:3000'
   mail_sender: 'noreply@example.com'
-  secret: '69d0d5b549ec27657c1987d78ba3ef41c7cb51cd08343dcdd49a05ed69e1374188ba8817e780f7c459283c7a32ba82c02ea0abfe7594edca4136889bec019a7e'
   smtp_settings:
     :address: 'smtp.gmail.com'
     :port: 587

diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
@@ -4,4 +4,15 @@
 # If you change this key, all old signed cookies will become invalid!
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
-Depot2::Application.config.secret_token = AppConfig.secret
+require 'securerandom'
+
+def secure_token
+  token_file = Rails.root.join('.secret')
+  unless File.exists?(token_file)
+    # Generate a new token and store it in token_file.
+    File.write(token_file, SecureRandom.hex(64))
+  end
+  File.read(token_file).chomp
+end
+
+Depot2::Application.config.secret_token = secure_token