I more or less answer my own question in an answer for someone else's question: How to dynamicly generate secret tokens in Rails 4.1 with secrets.yml?
Questions about upgrading to Rails 4.1.0 and implications to Hartl's sample_app?
-
13-07-2023 - |
Вопрос
Reading through the release notes for Rails 4.1.0, I see that there seems to be some inclusion of/modification to a file config/secrets.yml
and I'm wondering the effects on the sample_app from Hartl's book...
My questions are:
For security best practices, should one add this file to the
.gitignore
file or is Rails handling this by default? If so, can.secret
be removed from the.gitignore
file? e.g. Listing 1.7 .gitignore fileIn chapter 3 of Hartl's book, steps are taken to dynamically create the secret token here. With this new
config/secrets.yml
is there any reason to continue to dynamically create the secret-token?
Решение
Не связан с StackOverflow