Reputation: 10350
Does Rails secret token have to be unique for each rails app?
In secret_token.rb under rails initializers, there is secret token appearing as a string of random chars and numbers which must be 30 chars or longer. For max security, does this secret token have to be unique for each and every rails app deployed? We plan to use a rails template which may have the same secret token for every app developed from the same template. Thanks so much.
Upvotes: 1
Views: 2522
Answers (1)
Reputation: 10769
Yesterday I was reading an article about security, and I believe it is important to ensure the uniqueness of your secret_token.
You can use any previous project as template (everybody does that), but for security reasons you should generate a new secret_token.
In this article, they explain how to generate a new secret_token through the vegas-gem. I haven't tried yet....
Also take a look in the links below:
- Ruby on Rails config.secret_token error
- when you have secret key in your project, how can pushing to GitHub be possible?
I Hope it helps...
Upvotes: 5
Related Questions
- Understanding the Rails Authenticity Token
- Rails create unique token
- Multiple tokens and multiple providers authentication in rails
- What is the Rails secret token and how do I set it?
- Rails security concerns with Authorization token in header for API
- Rails, ruby: does SecureRandom.urlsafe_base64 need to be checked for uniqueness for tokens?
- What is the use of secret_token in rails?
- Rails 3 devise "token per client"
- Rails secret token
- Rails shared restful authentication between multiple apps