Merge pull request #49839 from skipkayhil/hm-skb-deprecation

Fix config.secret_key_base warning about secrets

railties/lib/rails/application.rb

@@ -477,7 +477,21 @@ def secret_key_base
         config.secret_key_base ||= generate_local_secret
       else
         validate_secret_key_base(
-          ENV["SECRET_KEY_BASE"] || credentials.secret_key_base || secrets.secret_key_base
+          ENV["SECRET_KEY_BASE"] || credentials.secret_key_base || begin
+            secret_skb = secrets_secret_key_base
+
+            if secret_skb.equal?(config.secret_key_base)
+              config.secret_key_base
+            else
+              Rails.deprecator.warn(<<~MSG.squish)
+                Your `secret_key_base is configured in `Rails.application.secrets`,
+                which is deprecated in favor of `Rails.application.credentials` and
+                will be removed in Rails 7.2.
+              MSG
+
+              secret_skb
+            end
+          end
         )
       end
     end

railties/test/application/configuration_test.rb

@@ -965,6 +965,20 @@ def index
       assert_equal "3b7cd727ee24e8444053437c36cc66c3", app.secret_key_base
     end
 
+    test "config.secret_key_base does not lead to a deprecation" do
+      remove_file "config/secrets.yml"
+      app_file "config/initializers/secret_token.rb", <<-RUBY
+        Rails.application.credentials.secret_key_base = nil
+        Rails.application.config.secret_key_base = "3b7cd727ee24e8444053437c36cc66c3"
+      RUBY
+
+      app "production"
+
+      assert_not_deprecated(Rails.deprecator) do
+        assert_equal "3b7cd727ee24e8444053437c36cc66c3", app.secret_key_base
+      end
+    end
+
     test "custom secrets saved in config/secrets.yml are loaded in app secrets" do
       app_file "config/secrets.yml", <<-YAML
         development: