Ruby on Rails takes care of most of our site security for us. About the only thing we have to do is be careful with our secret keys. This means keeping them out of public repos. If you realize you’ve revealed your secret key, Rails still has your back. There’s a very simple rake task to generate a new secret key:

$ rake secret
d781e04897092465...

and you’ll get a new, secure 64-character random key. Try not to check this one into source control.
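One way to catch a key before it reaches a repo, as an added example that is not part of the original post: a small Ruby check that flags `secret_token` or `secret_key_base` set to a literal hex string instead of being read from the environment. The `MyApp` name, the sample file contents and the 30-character threshold are assumptions made for this example.

```ruby
require "securerandom"

# Matches secret_token / secret_key_base set (Ruby "=" or YAML ":") to a
# literal run of hex digits. The 30-character floor is an assumption for
# this example; reading the value from ENV does not match.
HARDCODED_SECRET = /\b(secret_token|secret_key_base)\b\s*[:=]\s*["']?\h{30,}/

# Returns [[line_number, key_name], ...] for every hardcoded secret in text.
def hardcoded_secrets(text)
  text.each_line.with_index(1).map do |line, number|
    next if line.lstrip.start_with?("#") # ignore commented-out lines
    match = HARDCODED_SECRET.match(line)
    [number, match[1]] if match
  end.compact
end

# Constructed sample input: the key is generated here, not a real secret.
SAMPLE_KEY = SecureRandom.hex(64)

# MyApp is a hypothetical application name.
LEAKY_INITIALIZER = <<~RUBY
  # config/initializers/secret_token.rb (constructed sample)
  MyApp::Application.config.secret_key_base = '#{SAMPLE_KEY}'
RUBY

SAFE_INITIALIZER = <<~RUBY
  # Key supplied at deploy time, so nothing secret lives in the repo.
  MyApp::Application.config.secret_key_base = ENV.fetch("SECRET_KEY_BASE")
RUBY

if __FILE__ == $PROGRAM_NAME
  { "leaky" => LEAKY_INITIALIZER, "safe" => SAFE_INITIALIZER }.each do |name, text|
    hits = hardcoded_secrets(text)
    puts "#{name}: #{hits.empty? ? 'ok' : "hardcoded key on line #{hits.map(&:first).join(', ')}"}"
  end
end
```

Run over staged files in a pre-commit hook, a non-empty result is the signal to move the key into the environment and generate a fresh one with `rake secret`.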

H/T to James Badger’s post for spelling this out.
