Commit e87fb5b99b17f1c34366dd4f8100a40137c91100
1 parent
c46d09e5
Exists in
master
and in
1 other branch
Allowing one to configure the secret token by giving an environment variable.
This allows you to deploy your application to heroku and not have your secret token shared with every other Errbit user.
Showing
2 changed files
with
7 additions
and
1 deletions
Show diff stats
README.md
| ... | ... | @@ -199,6 +199,12 @@ heroku run rake db:seed |
| 199 | 199 | heroku addons:add deployhooks:http --url="http://YOUR_ERRBIT_HOST/deploys.txt?api_key=YOUR_API_KEY" |
| 200 | 200 | ``` |
| 201 | 201 | |
| 202 | + * You may also want to configure a different secret token for each deploy: | |
| 203 | + | |
| 204 | +```bash | |
| 205 | +heroku config:add SECRET_TOKEN=some-secret-token | |
| 206 | +``` | |
| 207 | + | |
| 202 | 208 | * Enjoy! |
| 203 | 209 | |
| 204 | 210 | ... | ... |
config/initializers/secret_token.rb
| ... | ... | @@ -4,5 +4,5 @@ |
| 4 | 4 | # If you change this key, all old signed cookies will become invalid! |
| 5 | 5 | # Make sure the secret is at least 30 characters and all random, |
| 6 | 6 | # no regular words or you'll be exposed to dictionary attacks. |
| 7 | -Errbit::Application.config.secret_token = '6b74778101638fa9c156b3928c9492fb2481ab842538bea838d21f9c9993f649f5806449584266d413d0b2f1104162b3066a86512ed71ededd627cd41f939614' | |
| 7 | +Errbit::Application.config.secret_token = ENV['SECRET_TOKEN'] || '6b74778101638fa9c156b3928c9492fb2481ab842538bea838d21f9c9993f649f5806449584266d413d0b2f1104162b3066a86512ed71ededd627cd41f939614' | |
| 8 | 8 | ... | ... |