diff options
author | Robin Dupret <robin.dupret@gmail.com> | 2015-07-06 14:35:20 +0200 |
---|---|---|
committer | Robin Dupret <robin.dupret@gmail.com> | 2015-07-06 14:35:20 +0200 |
commit | 472984b4d9f7afd118264676c2bd997602b1669e (patch) | |
tree | 9db3b141c76ee520c78777a5fcc80dac04465978 /guides/source | |
parent | c9ca063fcc4fd39ab1be1e894d88f53bd1afa5dd (diff) | |
parent | 35373fd54bb11e5ced6d5d0389414567f0eb1bed (diff) | |
download | rails-472984b4d9f7afd118264676c2bd997602b1669e.tar.gz rails-472984b4d9f7afd118264676c2bd997602b1669e.tar.bz2 rails-472984b4d9f7afd118264676c2bd997602b1669e.zip |
Merge pull request #20779 from maurogeorge/secrets-guides
Add to Security guides the secrets.yml [ci skip]
Diffstat (limited to 'guides/source')
-rw-r--r-- | guides/source/security.md | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/guides/source/security.md b/guides/source/security.md index 93580d4d4e..485b108d12 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -1026,6 +1026,29 @@ Environmental Security It is beyond the scope of this guide to inform you on how to secure your application code and environments. However, please secure your database configuration, e.g. `config/database.yml`, and your server-side secret, e.g. stored in `config/secrets.yml`. You may want to further restrict access, using environment-specific versions of these files and any others that may contain sensitive information. +### Custom secrets + +Rails generates a `config/secrets.yml`. By default, this file contains the +application's `secret_key_base`, but it could also be used to store other +secrets such as access keys for external APIs. + +The secrets added to this file are accessible via `Rails.application.secrets`. +For example, with the following `config/secrets.yml`: + + development: + secret_key_base: 3b7cd727ee24e8444053437c36cc66c3 + some_api_key: SOMEKEY + +`Rails.application.secrets.some_api_key` returns `SOMEKEY` in the development +environment. + +If you want an exception to be raised when some key is blank, use the bang +version: + +```ruby +Rails.application.secrets.some_api_key! # => raises KeyError +``` + Additional Resources -------------------- |