diff options
author | Kasper Timm Hansen <kaspth@gmail.com> | 2017-09-24 19:02:12 +0200 |
---|---|---|
committer | Kasper Timm Hansen <kaspth@gmail.com> | 2017-09-24 19:02:12 +0200 |
commit | 92afe55b179152a5747b70cc5d5375395581b70f (patch) | |
tree | 14756a5a7db4f639690f53b75687f896bd885e66 /guides/source/security.md | |
parent | 36888b9387731394f0079fc855ab9ad61ba8dfe5 (diff) | |
download | rails-92afe55b179152a5747b70cc5d5375395581b70f.tar.gz rails-92afe55b179152a5747b70cc5d5375395581b70f.tar.bz2 rails-92afe55b179152a5747b70cc5d5375395581b70f.zip |
[ci skip] RotationConfiguration is an implementation detail, not public API.
Diffstat (limited to 'guides/source/security.md')
-rw-r--r-- | guides/source/security.md | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/guides/source/security.md b/guides/source/security.md index b0b71cad7d..994978b88b 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -161,12 +161,9 @@ It is also useful to rotate this value for other more benign reasons, such as an employee leaving your organization or changing hosting environments. -Key rotations can be defined through the -`config.action_dispatch.cookies_rotations` configuration value. This -value is set to an instance of -[RotationConfiguration](http://api.rubyonrails.org/classes/ActiveSupport/RotationConfiguration.html) -which provides an interface for rotating signed and encrypted cookie -keys, salts, digests, and ciphers. +Key rotations can be defined through +`config.action_dispatch.cookies_rotations` which provides an interface for +rotating signed and encrypted cookie keys, salts, digests, and ciphers. For example, suppose we want to rotate out an old `secret_key_base`, we can define a signed and encrypted key rotation as follows: @@ -185,7 +182,7 @@ config.action_dispatch.cookies_rotations.rotate :signed, Multiple rotations are possible by calling `rotate` multiple times. For example, suppose we want to use SHA512 for signed cookies while rotating -out SHA256 and SHA1 digests using the same `secret_key_base` +out SHA256 and SHA1 digests using the same `secret_key_base`: ```ruby config.action_dispatch.signed_cookie_digest = "SHA512" |