在rails 4中使用secret_key_base是什么 [英] What is the use of secret_key_base in rails 4
问题描述
我是Rails 4的新手,不明白在 config / secrets.yml
下使用 secret_key_base
在Rails 4.你可以解释一下这个概念吗?
此外,当我在生产环境中工作时,系统提示您设置 secret_key
与 devise.rb
, config.secret_key
和 secret_key_base
。但是,我可以使用 rake secret
命令生成新的秘密。
开发和生产环境有什么区别?
如何与新生成的 secret_key
,当我每次生成时添加 secret_key_base
如何保护与其他服务器的应用程序?
secret_token.rb
文件的内容包括一个长时间随机化的字符串 ,用于验证签名的Cookie 的完整性(例如用户登录到您的网络应用程序时的用户会话)。 p>
文档说:
使用您现有的secret_key_base从
secret_token.rb
初始化程序
为无论哪个用户$ b设置SECRET_KEY_BASE环境变量$ b以生产模式运行Rails应用程序。或者,您可以将现有的secret_key_base从secret_token.rb
初始化程序复制到生产部分的secrets.yml,替换为<%= ENV [ SECRET_KEY_BASE]%>
。
由于它是重要的文件,你不能放它被认为是一个很好的做法,使用env变量存储 secret_key_base
值:
创建 .env
或 .powenv
文件,并将其存储为:
出口SECRET_TOKEN =9489b3eee4eccf317ed77407553e8adc97baca7c74dc7ee33cd93e4c8b69477eea66eaedeb18af0be2679887c7c69c0a28c0fded0a71ea472a8c4laalal19cb
然后在 config / initializers / secret_token.rb
YourAppName :: Application.config .secret_key_base =如果Rails.env.development?还是Rails.env.test? #生成简单的测试和开发环境
('a'* 30)#应至少为30个字符长
else
ENV ['SECRET_TOKEN']
end
更新04.05.15
从Rails 4.2开始不再有 secret_token.rb
文件。
通过新的约定,有一个 config / secrets.yml
文件旨在存储应用程序的秘密。
阅读如何根据创新将现有应用升级到4.2.x。
I am new to Rails 4, and do not understand the use of secret_key_base
under config/secrets.yml
in Rails 4. Can you please explain this concept?
Also, when I am working in the production environment, I am prompted to set the secret_key
with devise.rb
, config.secret_key
, and secret_key_base
. However, I can generate a new secret using the rake secret
command.
What is the difference between development and production environments?
How is it matching the newly generated secret_key
when I add it with secret_key_base
every time I generate?
How is it securing the application with other servers?
The secret_token.rb
file's content includes a long randomized string which is used to verify the integrity of signed cookies (such as user sessions when people are signed into your web app).
Documentation says:
Use your existing secret_key_base from the
secret_token.rb
initializer to set the SECRET_KEY_BASE environment variable for whichever users run the Rails app in production mode. Alternately, you can simply copy the existing secret_key_base from thesecret_token.rb
initializer to secrets.yml under the production section, replacing<%= ENV["SECRET_KEY_BASE"] %>
.
Since it is important file, and you can't put it to .gitignore, it is treated to be a good practice to use env variable to store secret_key_base
value:
create .env
or .powenv
file and store it as:
export SECRET_TOKEN="9489b3eee4eccf317ed77407553e8adc97baca7c74dc7ee33cd93e4c8b69477eea66eaedeb18af0be2679887c7c69c0a28c0fded0a71ea472a8c4laalal19cb"
And then in config/initializers/secret_token.rb
YourAppName::Application.config.secret_key_base = if Rails.env.development? or Rails.env.test? # generate simple key for test and development environments
('a' * 30) # should be at least 30 chars long
else
ENV['SECRET_TOKEN']
end
This article is (a bit old and) long but really full of useful info on the topic.
UPDATE 04.05.15
Starting from Rails 4.2 there is no longer secret_token.rb
file.
By new convention there is a config/secrets.yml
file aimed to store application's secrets.
Have a read on how to upgrade an existing app to 4.2.x according to innovations.
这篇关于在rails 4中使用secret_key_base是什么的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!