Add support for Rails 4.1 secrets. #2835

Merged
merged 1 commit into from Jan 22, 2014

@lucasmazza
Contributor

lucasmazza commented Jan 13, 2014

This is a first spike for what @josevalim proposed on #2821. Upgrading existing apps will be simple - developers just need to move their keys to the secrets.yml - but on fresh apps it's required to add the secret_key key manually. We could still generate a token inside the initializer as a fallback (so the app can boot without this step) or figure out an automatic way of placing the token in the application configuration.

@josevalim

Member

josevalim commented Jan 14, 2014

Nice! A couple things:

  1. Pepper exists only for backwards compatibility, I would not include it
  2. We can re-use the app secret from Rails by default since from Rails 4.1 we derive secrets from the same key

So I guess we can read the Rails secret by default and leave config.secret_key for people that come from previous Rails versions where they have a different secret than the Rails one (and if they want, they can store their Devise secret in config/secrets.yml themselves).

What do you think?

Read the `secret_key` value from Rails `secret_key_base`.
It is possible to override this by setting the `secret_key` manually
on the `devise.rb` initializer on your application.
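
Added example, not code from Devise or from this PR: a sketch of the fallback described above (an explicit `secret_key` wins, otherwise `secret_key_base` is used) together with per-purpose key derivation from the one shared secret. The helper names, purpose labels and sample secret are assumptions, and stdlib PBKDF2 is used as the derivation function.

```ruby
require "openssl"

# Constructed sample value; a real app reads secret_key_base from
# config/secrets.yml or the environment.
SAMPLE_SECRET_KEY_BASE = "5f2b9c" * 21

# Hypothetical helper: an explicitly configured Devise secret_key wins,
# otherwise fall back to the application's secret_key_base.
def resolve_secret_key(devise_secret_key, secret_key_base)
  key = [devise_secret_key, secret_key_base].find { |k| k && !k.strip.empty? }
  raise ArgumentError, "no secret_key or secret_key_base configured" if key.nil?
  key
end

# Derive a purpose-specific key from the shared secret with PBKDF2, so
# material derived for one purpose cannot stand in for another.
def derive_key(secret, purpose, length: 32, iterations: 2**16)
  OpenSSL::PKCS5.pbkdf2_hmac(secret, purpose, iterations, length,
                             OpenSSL::Digest.new("SHA256"))
end

# Keyed digest of a raw token, as one would store for a reset link (assumed use).
def token_digest(secret, purpose, raw_token)
  OpenSSL::HMAC.hexdigest("SHA256", derive_key(secret, purpose), raw_token)
end

if __FILE__ == $PROGRAM_NAME
  secret = resolve_secret_key(nil, SAMPLE_SECRET_KEY_BASE)
  %w[reset_password_token confirmation_token].each do |purpose|
    puts "#{purpose}: #{token_digest(secret, purpose, 'raw-token-123')}"
  end
end
```

Because every derived key depends on the base secret, rotating `secret_key_base` invalidates all outstanding tokens derived from it.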
@lucasmazza

Contributor

lucasmazza commented Jan 22, 2014

@josevalim just updated the PR with the new approach: the secret_key_base will be reused on 4+ apps as our secret_key.

@josevalim

Member

josevalim commented Jan 22, 2014

❤️ 💚 💙 💛 💜

@josevalim

Member

josevalim commented Jan 22, 2014

:shipit:

josevalim added a commit that referenced this pull request Jan 22, 2014

Merge pull request #2835 from plataformatec/secrets
Add support for Rails 4.1 secrets.

@josevalim josevalim merged commit 7a9ae13 into master Jan 22, 2014

1 check was pending

default The Travis CI build is in progress

@josevalim josevalim deleted the secrets branch Jan 22, 2014

@arthurnn

arthurnn commented Jan 3, 2015

❤️

@redbar0n

Contributor

redbar0n commented on eba91e6 Feb 5, 2015

With the if-condition in devise.rb I got this error:

```
/.rvm/gems/ruby-2.0.0-p247/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:245:in `load': /Users/Magne/Workspace/bloggery/config/initializers/devise.rb:9: syntax error, unexpected '<' (SyntaxError)
<% if rails_4? -%>
^
/projectname/config/initializers/devise.rb:9: syntax error, unexpected tFID, expecting keyword_end
<% if rails_4? -%>
^
```

So it doesn't seem to be as backwards compatible as intended.

I fixed it and submitted this pull request: #3451

@md5 md5 referenced this pull request Apr 18, 2017

Merged

Update setup_heroku script #418

md5 added a commit to appropriate/ohana-api-la that referenced this pull request Apr 21, 2017

Update setup_heroku script
1. Stop provisioning DEVISE_SECRET_KEY since a separate setting for Devise is not needed with modern versions of Devise and Rails 4+ (cf. plataformatec/devise#2835). The devise.rb initializer has been updated to allow the application to start without ENV['DEVISE_SECRET_KEY'], in which case Devise will use Rails.application.config.secret_key_base (controlled by ENV['SECRET_TOKEN'])
2. Allow the script to be run idempotently
3. Check if a Heroku add-on is installed before calling "heroku addons:create"
4. Check if SECRET_TOKEN is set before generating one
5. Use "rake secret" instead of Python for UUID generation, since this is a Rails project
6. Add quotaguard:starter addon (cf. codeforamerica/ohana-api#415)

monfresh added a commit to codeforamerica/ohana-api that referenced this pull request Apr 27, 2017

Update setup_heroku script
1. Stop provisioning DEVISE_SECRET_KEY since a separate setting for Devise is not needed with modern versions of Devise and Rails 4+ (cf. plataformatec/devise#2835). The devise.rb initializer has been updated to allow the application to start without ENV['DEVISE_SECRET_KEY'], in which case Devise will use Rails.application.config.secret_key_base (controlled by ENV['SECRET_TOKEN'])
2. Allow the script to be run idempotently
3. Check if a Heroku add-on is installed before calling "heroku addons:create"
4. Check if SECRET_TOKEN is set before generating one
5. Use "rake secret" instead of Python for UUID generation, since this is a Rails project
6. Add quotaguard:starter addon (cf. #415)