DEPRECATION WARNING: You didn't set config.secret_key_base

Question

I receive this warning when running my specs. Is there a best practice for generating a secret_key_base, or will any string suffice (with regard to security concerns)?

Answer 1

If you are a total noob like me, remember to put the secret_key_base = 'whatever' inside single quotes. Just a copy and paste without quotes will throw an error :

C:/RailsInstaller/Ruby1.9.3/lib/ruby/gems/1.9.1/gems/activesupport-4.0.8/lib/act ive_support/dependencies.rb:223:in `load': C:/Users/Jeff C/documents/rails_proje cts/first_app/config/initializers/secret_token.rb:1: syntax error, unexpected tI DENTIFIER, expecting $end (SyntaxError)

Answer 2

As of 4.1, you need to use the config/secrets.yml file. This is discussed in http://guides.rubyonrails.org/upgrading_ruby_on_rails.html#config-secrets-yml .

Answer 3

You simply need to create a secret_token.rb file in the config/initializers directory.

Contents of the file below:

YourAppNameHere::Application.config.secret_key_base = #type the key you generated with rake secret here

then save the file

close your server: 
ctrl c

restart it: rails s

You'll now see the basic rails app page you saw in the last chapter (If you're working through Hartl's tutorial)

Answer 4

You propably upgraded to Rails 4 from a 3.x or a previous version.

First generate a random secret key value:

$ bundle exec rake secret

Then take that value and put it in config/initializers/secret_token.rb:

YourApp::Application.config.secret_key_base = 'your-secret'

replacing YourApp with the name of your application.

The reason for this is explained here.

Also see http://guides.rubyonrails.org/upgrading_ruby_on_rails.html#config-secrets-yml