X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/248c7167e95d970b770c43102ee68cf1319973f7..70d97b98ddf977505069795ef08236fb439b18e1:/services/api/config/secrets.yml

diff --git a/services/api/config/secrets.yml b/services/api/config/secrets.yml
index f21de2d25a..293b93bcdb 100644
--- a/services/api/config/secrets.yml
+++ b/services/api/config/secrets.yml
@@ -11,16 +11,21 @@
 # no regular words or you'll be exposed to dictionary attacks.
 # You can use `rails secret` to generate a secure secret key.
 
-# Make sure the secrets in this file are kept private
-# if you're sharing your code publicly.
+# NOTE that these get overriden by Arvados' own configuration system.
 
-development:
-  secret_key_base: ef8dfe92893202f906d198094f428aaefa75749338e306ed2874938598cad7153ef0dd3cb8036c618cc7c27bb0c6c559728e8cc224da7cdfa2ad1d02874643b0
+# shared:
+#   api_key: a1B2c3D4e5F6
 
-test:
-  secret_key_base: 0b5454fe8163063950a7124348e2bc780fabbb022fa15f8a074c2fbcfce8eca480ed46b549b87738904f2bae6617ad949c3c3579e272d486c25aaa0ead563355
+# Environmental secrets are only available for that specific environment.
 
-# Do not keep production secrets in the repository,
-# instead read values from the environment.
+# development:
+#   secret_key_base: <%= rand(1<<255).to_s(36) %>
+
+# test:
+#   secret_key_base: <%= rand(1<<255).to_s(36) %>
+
+# In case this doesn't get overriden for some reason, assign a random key
+# to gracefully degrade by rejecting cookies instead of by opening a
+# vulnerability.
 production:
-  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
+  secret_key_base: <%= rand(1<<255).to_s(36) %>