This secret_key_base
deprecation does not seem to have alternative syntax to remove the deprecation warning in a Rails 4.0 application. To satisfy the deprecation, follow the steps for moving the production key to secrets.yml
and delete the secret_token.rb
file. The implement a YAML loader in your application.rb
to extract the token from your secrets.yml
file.
Use rake secret
to generate a new token for each of your environments. Copy and paste the output to each section of your secrets.yml
file.
# config/secrets.yml
development:
secret_key_base: __pasted from rake secret___
test:
secret_key_base: __pasted from rake secret___
production:
secret_key_base: __pasted token from config/initializers/secret_token.rb___
# config/application.rb
# TODO Remove this in Rails 4.1
config.secret_key_base = YAML.load(File.open("#{Rails.root}/config/secrets.yml"))[Rails.env]['secret_key_base']
Cite: https://github.com/rails/rails/pull/13298
UPDATE:
My original post focused on Inspired by @user2998870, I added a method to my application.rb
that is allows one to implement multiple secrets, not just secret_key_base
. This makes top-level keys accessible as methods e.g. Rails.application.secrets.braintree_merchant_id
.
If nested, one can call the nested key value using Rails.application.secrets.braintree['merchant_key']
.
Note: The original code above is still needed for secret_key_base
to operate correctly in Rails 4.0.
# config/application.rb
def secrets
@secrets ||= begin
yaml = YAML.load(File.open("#{Rails.root}/config/secrets.yml"))[Rails.env]
ActiveSupport::OrderedOptions.new.merge!(yaml.symbolize_keys)
end
end