Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Add support for Rails 4.1 secrets. #2835

Merged
merged 1 commit into from Jan 22, 2014

Conversation

Projects
None yet
4 participants
Contributor

lucasmazza commented Jan 13, 2014

This is a first spike for that @josevalim proposed on #2821. Upgrade existing apps will be simple - developers just need to move their keys to the secrets.yml - but on fresh apps its required to add the secret_key key manually. We could still generate a token inside the initializer as a fallback (so the app can boot without this step) or figure out an automatic way of placing the token on the application configuration.

Owner

josevalim commented Jan 14, 2014

Nice! A couple things:

  1. Pepper exists only for backwards compatibility, I would not include it
  2. We can re-use the app secret from Rails by default since from Rails 4.1 we derive secrets from the same key

So I guess we can read Rails secret by default and leave config.secret_key for people that come from previous Rails versions where they have a different secret than the rails one (and if they want, they can store their devise secret it in config/secrets.yml themselves).

What do you think?

Read the `secret_key` value from Rails `secret_key_base`.
It is possible to override this by setting the `secret_key` manually
on the `devise.rb` initializer on your application.
Contributor

lucasmazza commented Jan 22, 2014

@josevalim just updated the PR with the new approach: the secret_key_base will be reused on 4+ apps as our secret_key.

Owner

josevalim commented Jan 22, 2014

❤️ 💚 💙 💛 💜

Owner

josevalim commented Jan 22, 2014

:shipit:

josevalim added a commit that referenced this pull request Jan 22, 2014

Merge pull request #2835 from plataformatec/secrets
Add support for Rails 4.1 secrets.

@josevalim josevalim merged commit 7a9ae13 into master Jan 22, 2014

1 check was pending

default The Travis CI build is in progress
Details

@josevalim josevalim deleted the secrets branch Jan 22, 2014

arthurnn commented Jan 3, 2015

❤️

@arthurnn arthurnn referenced this pull request in errbit/errbit Jan 3, 2015

Merged

update configs for rails 4.1 #778

Contributor

redbar0n commented on eba91e6 Feb 5, 2015

With the if-condition in devise.rb I got this error:

/.rvm/gems/ruby-2.0.0-p247/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:245:in `load': /Users/Magne/Workspace/bloggery/config/initializers/devise.rb:9: syntax error, unexpected '<' (SyntaxError)
<% if rails_4? -%>
^
/projectname/config/initializers/devise.rb:9: syntax error, unexpected tFID, expecting keyword_end
<% if rails_4? -%>
^

So it doesn't seem to be as backwards compatible as intended.

I fixed it and submitted this pull request: #3451

@md5 md5 referenced this pull request in codeforamerica/ohana-api Apr 18, 2017

Merged

Update setup_heroku script #418

md5 added a commit to appropriate/ohana-api-la that referenced this pull request Apr 21, 2017

Update setup_heroku script
1. Stop provisioning DEVISE_SECRET_KEY since a separate setting for Devise is not needed with modern versions of Devise and Rails 4+ (cf. plataformatec/devise#2835). The devise.rb initializer has been updated to allow the application to start without ENV['DEVISE_SECRET_KEY'], in which case Devise will use Rails.application.config.secret_key_base (controlled by ENV['SECRET_TOKEN'])
2. Allow the script to be run idempotently
3. Check if a Heroku add-on is installed before calling "heroku addons:create"
4. Check if SECRET_TOKEN is set before generating one
5. Use "rake secret" instead of Python for UUID generation, since this is a Rails project
6. Add quotaguard:starter addon (cf. codeforamerica/ohana-api#415)

monfresh added a commit to codeforamerica/ohana-api that referenced this pull request Apr 27, 2017

Update setup_heroku script
1. Stop provisioning DEVISE_SECRET_KEY since a separate setting for Devise is not needed with modern versions of Devise and Rails 4+ (cf. plataformatec/devise#2835). The devise.rb initializer has been updated to allow the application to start without ENV['DEVISE_SECRET_KEY'], in which case Devise will use Rails.application.config.secret_key_base (controlled by ENV['SECRET_TOKEN'])
2. Allow the script to be run idempotently
3. Check if a Heroku add-on is installed before calling "heroku addons:create"
4. Check if SECRET_TOKEN is set before generating one
5. Use "rake secret" instead of Python for UUID generation, since this is a Rails project
6. Add quotaguard:starter addon (cf. #415)

@JordanLyons JordanLyons referenced this pull request in MissoulaConnect/ohana-api May 1, 2017

Merged

Update setup_heroku script #1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment