diff options
-rw-r--r-- | activesupport/lib/active_support/messages/rotation_configuration.rb | 2 | ||||
-rw-r--r-- | guides/source/security.md | 11 |
2 files changed, 5 insertions, 8 deletions
diff --git a/activesupport/lib/active_support/messages/rotation_configuration.rb b/activesupport/lib/active_support/messages/rotation_configuration.rb index 12566bdb63..908658ff02 100644 --- a/activesupport/lib/active_support/messages/rotation_configuration.rb +++ b/activesupport/lib/active_support/messages/rotation_configuration.rb @@ -2,7 +2,7 @@ module ActiveSupport module Messages - class RotationConfiguration + class RotationConfiguration # :nodoc: attr_reader :signed, :encrypted def initialize diff --git a/guides/source/security.md b/guides/source/security.md index b0b71cad7d..994978b88b 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -161,12 +161,9 @@ It is also useful to rotate this value for other more benign reasons, such as an employee leaving your organization or changing hosting environments. -Key rotations can be defined through the -`config.action_dispatch.cookies_rotations` configuration value. This -value is set to an instance of -[RotationConfiguration](http://api.rubyonrails.org/classes/ActiveSupport/RotationConfiguration.html) -which provides an interface for rotating signed and encrypted cookie -keys, salts, digests, and ciphers. +Key rotations can be defined through +`config.action_dispatch.cookies_rotations` which provides an interface for +rotating signed and encrypted cookie keys, salts, digests, and ciphers. For example, suppose we want to rotate out an old `secret_key_base`, we can define a signed and encrypted key rotation as follows: @@ -185,7 +182,7 @@ config.action_dispatch.cookies_rotations.rotate :signed, Multiple rotations are possible by calling `rotate` multiple times. For example, suppose we want to use SHA512 for signed cookies while rotating -out SHA256 and SHA1 digests using the same `secret_key_base` +out SHA256 and SHA1 digests using the same `secret_key_base`: ```ruby config.action_dispatch.signed_cookie_digest = "SHA512" |