Add support for Rails 4.1 secrets. #2835

Merged
merged 1 commit into from Jan 22, 2014

@lucasmazza lucasmazza commented Jan 13, 2014

This is a first spike for what @josevalim proposed on #2821. Upgrading existing apps will be simple - developers just need to move their keys to the secrets.yml - but on fresh apps it's required to add the secret_key key manually. We could still generate a token inside the initializer as a fallback (so the app can boot without this step) or figure out an automatic way of placing the token on the application configuration.

@josevalim josevalim commented Jan 14, 2014

Nice! A couple things:

  1. Pepper exists only for backwards compatibility, I would not include it
  2. We can re-use the app secret from Rails by default since from Rails 4.1 we derive secrets from the same key

So I guess we can read Rails secret by default and leave config.secret_key for people that come from previous Rails versions where they have a different secret than the rails one (and if they want, they can store their devise secret in config/secrets.yml themselves).

What do you think?

It is possible to override this by setting the `secret_key` manually
on the `devise.rb` initializer on your application.

@lucasmazza lucasmazza commented Jan 22, 2014

@josevalim just updated the PR with the new approach: the secret_key_base will be reused on 4+ apps as our secret_key.
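
An added illustration (not code from Devise, Rails or this pull request) of the approach settled on in the comments above: an explicitly configured `secret_key` takes precedence, otherwise the application's `secret_key_base` is reused, and a separate key is derived from that one secret for each purpose. The helper names, the PBKDF2 parameters and the 30-character minimum are assumptions made for the example.

```ruby
require "openssl"

MIN_SECRET_LENGTH = 30 # assumption for this example, not a Devise setting

# Explicit secret_key wins; otherwise reuse secret_key_base. A blank value
# counts as unset, and a short secret is rejected rather than silently used.
def resolve_secret_key(explicit_secret_key, secret_key_base)
  [explicit_secret_key, secret_key_base].each do |candidate|
    next if candidate.nil? || candidate.strip.empty?
    raise ArgumentError, "secret is too short" if candidate.length < MIN_SECRET_LENGTH
    return candidate
  end
  raise ArgumentError, "no secret_key or secret_key_base configured"
end

# Derive an independent key per purpose from the one base secret (PBKDF2,
# purpose string as salt). Iteration count and length are assumptions.
def derive_key(secret, purpose, iterations: 1000, length: 32)
  OpenSSL::PKCS5.pbkdf2_hmac(secret, purpose, iterations, length,
                             OpenSSL::Digest.new("SHA256"))
end

# Keyed digest of a raw token, suitable for storing instead of the token.
def token_digest(secret, purpose, raw_token)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"),
                          derive_key(secret, purpose), raw_token)
end

# Constant-time comparison so verification does not leak a matching prefix.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

def valid_token?(secret, purpose, raw_token, stored_digest)
  secure_compare(token_digest(secret, purpose, raw_token), stored_digest)
end

if __FILE__ == $0
  base = "b" * 64 # constructed sample value, never a real secret
  secret = resolve_secret_key(nil, base)
  digest = token_digest(secret, "reset_password_token", "raw-token-123")
  puts valid_token?(secret, "reset_password_token", "raw-token-123", digest)
  puts valid_token?(secret, "confirmation_token", "raw-token-123", digest)
end
```

Because every derived key depends on the base secret, rotating `secret_key_base` invalidates all digests computed under it, which is the trade-off of sharing one secret.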

@josevalim josevalim commented Jan 22, 2014

❤️ 💚 💙 💛 💜

@josevalim josevalim commented Jan 22, 2014

:shipit:

josevalim added a commit that referenced this pull request Jan 22, 2014
Add support for Rails 4.1 secrets.
@josevalim josevalim merged commit 7a9ae13 into master Jan 22, 2014
@josevalim josevalim deleted the secrets branch Jan 22, 2014

@arthurnn arthurnn commented Jan 3, 2015

❤️

@redbar0n redbar0n commented on eba91e6 Feb 5, 2015

With the if-condition in devise.rb I got this error:

```
/.rvm/gems/ruby-2.0.0-p247/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:245:in `load': /Users/Magne/Workspace/bloggery/config/initializers/devise.rb:9: syntax error, unexpected '<' (SyntaxError)
<% if rails_4? -%>
^
/projectname/config/initializers/devise.rb:9: syntax error, unexpected tFID, expecting keyword_end
<% if rails_4? -%>
^
```

So it doesn't seem to be as backwards compatible as intended.

I fixed it and submitted this pull request: #3451

md5 added a commit to appropriate/ohana-api-la that referenced this pull request Apr 21, 2017
1. Stop provisioning DEVISE_SECRET_KEY since a separate setting for Devise is not needed with modern versions of Devise and Rails 4+ (cf. heartcombo/devise#2835). The devise.rb initializer has been updated to allow the application to start without ENV['DEVISE_SECRET_KEY'], in which case Devise will use Rails.application.config.secret_key_base (controlled by ENV['SECRET_TOKEN'])
2. Allow the script to be run idempotently
3. Check if a Heroku add-on is installed before calling "heroku addons:create"
4. Check if SECRET_TOKEN is set before generating one
5. Use "rake secret" instead of Python for UUID generation, since this is a Rails project
6. Add quotaguard:starter addon (cf. codeforamerica/ohana-api#415)
monfresh added a commit to codeforamerica/ohana-api that referenced this pull request Apr 27, 2017
1. Stop provisioning DEVISE_SECRET_KEY since a separate setting for Devise is not needed with modern versions of Devise and Rails 4+ (cf. heartcombo/devise#2835). The devise.rb initializer has been updated to allow the application to start without ENV['DEVISE_SECRET_KEY'], in which case Devise will use Rails.application.config.secret_key_base (controlled by ENV['SECRET_TOKEN'])
2. Allow the script to be run idempotently
3. Check if a Heroku add-on is installed before calling "heroku addons:create"
4. Check if SECRET_TOKEN is set before generating one
5. Use "rake secret" instead of Python for UUID generation, since this is a Rails project
6. Add quotaguard:starter addon (cf. #415)