-rw-r--r-- activesupport/lib/active_support/messages/rotation_configuration.rb 2
-rw-r--r-- guides/source/security.md 11
2 files changed, 5 insertions, 8 deletions
diff --git a/activesupport/lib/active_support/messages/rotation_configuration.rb b/activesupport/lib/active_support/messages/rotation_configuration.rb
index 12566bdb63..908658ff02 100644
--- a/activesupport/lib/active_support/messages/rotation_configuration.rb
+++ b/activesupport/lib/active_support/messages/rotation_configuration.rb
@@ -2,7 +2,7 @@
module ActiveSupport
module Messages
- class RotationConfiguration
+ class RotationConfiguration # :nodoc:
attr_reader :signed, :encrypted
def initialize
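Review bot: Adding `# :nodoc:` on the `class RotationConfiguration` line drops the class from the generated API docs, yet the guide touched in this same commit still directs readers to call `config.action_dispatch.cookies_rotations.rotate`. After this change the security guide is the only description of that interface, so either confirm the guide covers what `rotate` accepts for `:signed` and `:encrypted`, or keep the public method documented while hiding only the internals such as `attr_reader :signed, :encrypted`.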
diff --git a/guides/source/security.md b/guides/source/security.md
index b0b71cad7d..994978b88b 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -161,12 +161,9 @@ It is also useful to rotate this value for other more benign reasons,
such as an employee leaving your organization or changing hosting
environments.
-Key rotations can be defined through the
-`config.action_dispatch.cookies_rotations` configuration value. This
-value is set to an instance of
-[RotationConfiguration](http://api.rubyonrails.org/classes/ActiveSupport/RotationConfiguration.html)
-which provides an interface for rotating signed and encrypted cookie
-keys, salts, digests, and ciphers.
+Key rotations can be defined through
+`config.action_dispatch.cookies_rotations` which provides an interface for
+rotating signed and encrypted cookie keys, salts, digests, and ciphers.
For example, suppose we want to rotate out an old `secret_key_base`, we
can define a signed and encrypted key rotation as follows:
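Review bot: The added sentence needs a comma before "which" (`config.action_dispatch.cookies_rotations`, which provides an interface ...), because the clause is non-restrictive. Removing the link itself looks right: its path, `ActiveSupport/RotationConfiguration.html`, does not match the `ActiveSupport` / `Messages` nesting shown in the first file of this diff, and the class is now `:nodoc:`, so the link would not resolve to a generated page.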
@@ -185,7 +182,7 @@ config.action_dispatch.cookies_rotations.rotate :signed,
Multiple rotations are possible by calling `rotate` multiple times. For
example, suppose we want to use SHA512 for signed cookies while rotating
-out SHA256 and SHA1 digests using the same `secret_key_base`
+out SHA256 and SHA1 digests using the same `secret_key_base`:
```ruby
config.action_dispatch.signed_cookie_digest = "SHA512"