From b756ae023e1e6dd9051bdc7a8ead818a54c5a6ac Mon Sep 17 00:00:00 2001 From: Matchu Date: Wed, 25 Oct 2023 15:54:19 -0700 Subject: [PATCH] Use a hardcoded SECRET_TOKEN, in development only Oh right, we intentionally fail if there's no SECRET_TOKEN provided, but that's not really useful for development! Here, we add a SECRET_TOKEN only used in development - which doesn't need to be secret, because it doesn't guard actual user sessions! In production, the behavior is unchanged. --- config/initializers/secret_token.rb | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb index f8754891..3e44feb0 100644 --- a/config/initializers/secret_token.rb +++ b/config/initializers/secret_token.rb @@ -9,4 +9,11 @@ # Make sure your secret_key_base is kept private # if you're sharing your code publicly. -OpenneoImpressItems::Application.config.secret_key_base = ENV.fetch('SECRET_TOKEN') +if Rails.env.development? + # In development, we use a hardcoded secret key, because it doesn't actually + # need to be secret! + OpenneoImpressItems::Application.config.secret_key_base = "7584841652f89044a8b5a428efa6dfac2461449eb24741a33668cd642130d79f93b0347766ebf4a4d7d5033a263c36431594ad56b5735a7325c8cdda991219c2" +else + # In general, we use the SECRET_TOKEN provided as an environment variable! + OpenneoImpressItems::Application.config.secret_key_base = ENV.fetch('SECRET_TOKEN') +end