Missing production secret_key_base in rails
I have finally found the corrent method. None of the methods mentioned in question are the correct one.
Correct method:
We ourselves should generate a secret key (by rake secret
) then create an environment variables for SECRET_KEY_BASE by running following command from command prompt:
rhc set-env SECRET_KEY_BASE=3dc8b0885b3043c0e38aa2e1dc64******************** -a myapp
after running this command, connect to your server via SSH and run env
so you should see your SECRET_KEY_BASE in the list.
Now restart you app rhc app-stop myapp
and rhc app-start myapp
, then you are good to go.
If you're on a normal Ubuntu machine just put export SECRET_KEY_BASE=" <<< output from rake secret here >>> "
in your ~/.bashrc
.
Run source ~/.bashrc
and restart the app.
There is another option that should be a little more secure and that is to add it to the Apache/Nginx configuration file. I'm using Apache and have just used:
SetEnv SECRET_KEY_BASE my_secret
Then just leave the secrets.yml file set to:
production: <%= ENV["SECRET_KEY_BASE"] %>
For a production web server I'm not sure it's valid to assume that a .bashrc
file is run and will get your ENV variable set, but I think this way is certain to set it. I'm not and expert so ready to have any risks or reasons why it's not a good idea pointed out to me.