Added a shared section to config/secrets.yml that will be loaded for all environments

2 files changed, 16 insertions, 3 deletions

diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb
index ed106c9918..c383de3e06 100644
--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@@ -385,11 +385,16 @@ module Rails
     def secrets
       @secrets ||= begin
         secrets = ActiveSupport::OrderedOptions.new
-        yaml = config.paths["config/secrets"].first
+        yaml    = config.paths["config/secrets"].first
+
         if File.exist?(yaml)
           require "erb"
-          all_secrets = YAML.load(ERB.new(IO.read(yaml)).result) || {}
-          env_secrets = all_secrets[Rails.env]
+
+          all_secrets    = YAML.load(ERB.new(IO.read(yaml)).result) || {}
+          shared_secrets = all_secrets['shared']
+          env_secrets    = all_secrets[Rails.env]
+
+          secrets.merge!(shared_secrets.symbolize_keys) if shared_secrets
           secrets.merge!(env_secrets.symbolize_keys) if env_secrets
         end
 
diff --git a/railties/lib/rails/generators/rails/app/templates/config/secrets.yml b/railties/lib/rails/generators/rails/app/templates/config/secrets.yml
index cdea2fd060..8e995a5df1 100644
--- a/railties/lib/rails/generators/rails/app/templates/config/secrets.yml
+++ b/railties/lib/rails/generators/rails/app/templates/config/secrets.yml
@@ -10,6 +10,13 @@
 # Make sure the secrets in this file are kept private
 # if you're sharing your code publicly.
 
+# Shared secrets are available across all environments.
+
+shared:
+  api_key: 123
+
+# Environmental secrets are only available for that specific environment.
+
 development:
   secret_key_base: <%= app_secret %>
 
@@ -18,5 +25,6 @@ test:
 
 # Do not keep production secrets in the repository,
 # instead read values from the environment.
+
 production:
   secret_key_base: <%%= ENV["SECRET_KEY_BASE"] %>