From 4c6c3575c66ce10043c9ea04023788890a228de8 Mon Sep 17 00:00:00 2001
From: Jose Luis Duran <jlduran@users.noreply.github.com>
Date: Wed, 18 Apr 2018 18:29:27 -0300
Subject: Make the master.key readable only by the owner

This change may only apply to POSIX-compliant systems.

Previously:

    $ ls -l config/master.key
    -rw-r--r--   1 owner  group      32 Jan 1 00:00 master.key

Now:

    $ ls -l config/master.key
    -rw-------   1 owner  group      32 Jan 1 00:00 master.key
---
 .../rails/encryption_key_file/encryption_key_file_generator.rb           | 1 +
 1 file changed, 1 insertion(+)

(limited to 'railties/lib')

diff --git a/railties/lib/rails/generators/rails/encryption_key_file/encryption_key_file_generator.rb b/railties/lib/rails/generators/rails/encryption_key_file/encryption_key_file_generator.rb
index 90068c678d..e2359e9ded 100644
--- a/railties/lib/rails/generators/rails/encryption_key_file/encryption_key_file_generator.rb
+++ b/railties/lib/rails/generators/rails/encryption_key_file/encryption_key_file_generator.rb
@@ -27,6 +27,7 @@ module Rails
 
       def add_key_file_silently(key_path, key = nil)
         create_file key_path, key || ActiveSupport::EncryptedFile.generate_key
+        key_path.chmod 0600
       end
 
       def ignore_key_file(key_path, ignore: key_ignore(key_path))
-- 
cgit v1.2.3