From d1987e1d41e35559e405f072a5421f2934e26a06 Mon Sep 17 00:00:00 2001 From: Rien Date: Mon, 19 Jul 2021 17:36:10 +0200 Subject: [PATCH] Remove credentials file (#229) * Remove credentials file This removes the credentials.yml.enc file and generates the secret_key_base randomly on each application boot. * SECRET_KEY_BASE should be passed as env var This key is used to generate stable/authenticated activestorage URL's which we want to be stable in order to have optimal caching. --- README.md | 10 ++++++++-- config/credentials.yml.enc | 1 - config/environments/production.rb | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) delete mode 100644 config/credentials.yml.enc diff --git a/README.md b/README.md index e285c1ae..4f893ea9 100644 --- a/README.md +++ b/README.md @@ -36,8 +36,14 @@ you want. * DATABASE_URL * RACK_ENV * RAILS_ENV - Optionally set the following variables to control where Accentor - stores its files: + * SECRET_KEY_BASE + + You can generate a new `SECRET_KEY_BASE` using `bin/rails secret`. + For optimal caching, this key should be stable. + + Optionally set the following variables to control where Accentor + stores its files: + * FFMPEG_LOG_LOCATION * RAILS_STORAGE_PATH * FFMPEG_VERSION_LOCATION diff --git a/config/credentials.yml.enc b/config/credentials.yml.enc deleted file mode 100644 index 3b4ade73..00000000 --- a/config/credentials.yml.enc +++ /dev/null @@ -1 +0,0 @@ -Na/bqSiXJWKAhkGCKXJjhp7mKMJ/DmMOAZUsiXGv78CZZmkz4wZ0FxNl8bDbmOpLf5XYHTznOMwtP5KoItO261dUq2a2Mf4b3kju2Q9nctou4xYJkn69V3k+mwnW0TzJLGrLaRSwM0AfLHzetEa7c2EZiY8a9/1DDoY46ilKu4VZ76QQHMY3qCKf6llan+S6+1eGz9fpCBwEj16uaeYeNz99gUqM5NIroMyTDjiwUTxcly9pHDsl/vV4Lu7GSYvok6hF3NliohsR9Z9DXUzZKQl6aKVoJ4IyzTk3BKC2IiVpvJMjwkgCUaCInpK+vzU88lYXUf6x084J6snlVOKd9toohvISZdGaukwCAaLbPxT738PAlnIwpaOlNLRAQi3D/DdxvezVQVgKwB3M9a1fEBML/OE1H4zpkl8O--EAhGrUtQN2cOQuIp--nIbXIQ1AHd7pLOJecL13ow== \ No newline at end of file diff --git a/config/environments/production.rb b/config/environments/production.rb index afa7fc3f..0eedde48 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -18,7 +18,7 @@ # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"] # or in config/master.key. This key is used to decrypt credentials (and other encrypted files). - config.require_master_key = true + config.require_master_key = false # Disable serving static files from the `/public` folder by default since # Apache or NGINX already handles this.