diff --git a/.env.development b/.env.development
index 928f5014b2..8f352f7e5f 100644
--- a/.env.development
+++ b/.env.development
@@ -1,7 +1,11 @@
 # ENV vars for the development environment
 # Override locally with `.env.development.local`
+#
+# You may also want to use this when testing other environments locally:
+#
+# cp .env.development .env.local
-SECRET_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+SECRET_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
 OFN_REDIS_URL="redis://localhost:6379/1"
 OFN_REDIS_JOBS_URL="redis://localhost:6379/2"
diff --git a/.env.test b/.env.test
index 2729e942fd..9a20a69526 100644
--- a/.env.test
+++ b/.env.test
@@ -1,7 +1,7 @@
 # ENV vars for the test environment
 # Override locally with `.env.test.local`
-SECRET_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+SECRET_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
 STRIPE_SECRET_TEST_API_KEY="bogus_key"
 STRIPE_CUSTOMER="bogus_customer"
diff --git a/.gitignore b/.gitignore
index cba45b438d..b50b2725c4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -57,3 +57,6 @@ coverage
 /yarn-error.log
 yarn-debug.log*
 .yarn-integrity
+
+/config/credentials.yml.enc
+/config/master.key
diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
index 565c65de2f..e66b94f4b8 100644
--- a/config/initializers/secret_token.rb
+++ b/config/initializers/secret_token.rb
@@ -5,14 +5,8 @@
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
-secret_key = if Rails.env.development? or Rails.env.test?
- ('x' * 30) # Meets basic minimum of 30 chars.
-else
- ENV["SECRET_TOKEN"]
-end
-
 # Rails 4+ key for signing and encrypting cookies.
-Openfoodnetwork::Application.config.secret_key_base = secret_key
+Openfoodnetwork::Application.config.secret_key_base = ENV["SECRET_TOKEN"]
 # Legacy secret_token variable. This is still used directly for encryption.
-Openfoodnetwork::Application.config.secret_token = secret_key
+Openfoodnetwork::Application.config.secret_token = ENV["SECRET_TOKEN"]
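Review bot: Both assignments now read `ENV["SECRET_TOKEN"]` directly, so an unset variable leaves `secret_key_base` and `secret_token` nil rather than failing where they are configured, and nothing enforces the 30-character minimum that the comment above still asks for. Reading the value once with `secret = ENV.fetch("SECRET_TOKEN")` and assigning `secret` to both settings would turn a missing value into a boot-time `KeyError` in every environment. With the development/test branch removed, the committed all-`x` value from `.env.development` is also accepted as the signing key in any environment, and the new `cp .env.development .env.local` hint makes that easier to end up with; a check that rejects that placeholder, or anything shorter than 30 characters, outside development and test would keep it from reaching a deployed instance. The file's first four lines are outside the hunk.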