New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Favor canonical environment variables for secrets #13703

Merged
merged 1 commit into from Jan 13, 2014

Conversation

Projects
None yet
2 participants
@schneems
Member

schneems commented Jan 13, 2014

Prefixing an environment variable with RAILS_ should be used when there is otherwise a conflict, such as RAILS_ENV or if it is being used for a very Rails specific value.

If we remove the prefix of RAILS_ in the case of RAILS_SECRET_KEY_BASE then we can push for a pseudo standard among other frameworks that will accept a common environment key SECRET_KEY_BASE to keep your app secure. This is beneficial for containerized deployments such as docker, Heroku, etc. So that the container need to know one less thing about your app (it can just set it no-matter what language or framework you are using).

This change also allows the defaults to be consistent with the way the secret key is accessed so secrets.secret_key_base is aliased to SECRET_KEY_BASE instead of RAILS_SECRET_KEY_BASE.

Favor canonical environment variables for secrets
Prefixing an environment variable with `RAILS_` should be used when there is otherwise a conflict, such as `RAILS_ENV` or if it is being used for a very Rails specific value.

If we remove the prefix of `RAILS_` in the case of `RAILS_SECRET_KEY_BASE` then we can push for a pseudo standard among other frameworks that will accept a common environment key `SECRET_KEY_BASE` to keep your app secure. This is beneficial for containerized deployments such as docker, Heroku, etc. So that the container need to know one less thing about your app (it can just set it no-matter what language or framework you are using). 

This change also allows the defaults to be consistent with the way the secret key is accessed so `secrets.secret_key_base` is aliased to `SECRET_KEY_BASE` instead of `RAILS_SECRET_KEY_BASE`.

rafaelfranca added a commit that referenced this pull request Jan 13, 2014

Merge pull request #13703 from schneems/schneems/rail-secrets-key
Favor canonical environment variables for secrets

@rafaelfranca rafaelfranca merged commit 8b70319 into rails:master Jan 13, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment