Commit graph

11 commits

Author SHA1 Message Date
Sean McGivern
c19fa02fa0 Ignore Rails/Exit cop in initializer
We do not want to proceed with loading the app in this case, as it could
lose a secret needed to decrypt values in the database.
2016-08-04 10:17:35 +01:00
Sean McGivern
732ad2f6c1 Clarify intentions of secret token initializer 2016-08-03 15:48:48 +01:00
Sean McGivern
90565b5f95 Give priority to environment variables
If an environment variable exists for secret_key_base, use that -
always. But don't save it to secrets.yml.

Also ensure that we never write to secrets.yml if there's a non-blank
value there.
2016-08-03 15:48:48 +01:00
Sean McGivern
379c2cbcbd Store all secret keys in secrets.yml
Move the last secret from .secret to config/secrets.yml, and delete
.secret if it exists.
2016-08-03 15:48:47 +01:00
Sean McGivern
405379bbfc Store OTP secret key in secrets.yml
.secret stores the secret token used for both encrypting login cookies
and for encrypting stored OTP secrets. We can't rotate this, because
that would invalidate all existing OTP secrets.

If the secret token is present in the .secret file or an environment
variable, save it as otp_key_base in secrets.yml. Now .secret can be
rotated without invalidating OTP secrets.

If the secret token isn't present (initial setup), then just generate a
separate otp_key_base and save in secrets.yml.

Update the docs to reflect that secrets.yml needs to be retained past
upgrades, but .secret doesn't.
2016-08-03 15:46:37 +01:00
Valery Sizov
40ff1318d2 Rails update to 4.2.4 2015-11-25 18:18:44 +02:00
Douwe Maan
046b283127 Groundwork for merging CI into CE 2015-08-25 18:42:46 -07:00
Cyril Rohr
b29171d9ec Allow to specify secret token via environment variable. 2014-04-15 19:27:25 +01:00
Dmitriy Zaporozhets
ac5842d970 Migrate application to rails 4 step 1
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2013-12-10 12:11:26 +02:00
ash
e444c7f6ba Generate the Rails secret token on first run.
Store the secret token in a .gitignored file called ".secret", which is
created by the initializer if it doesn't exist.
2013-05-22 23:55:48 +00:00
gitlabhq
9ba1224867 init commit 2011-10-09 00:36:38 +03:00