X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/b69d0344335cafe4f4b6d4af229616b5251d21ea..f049ebcb40b5509413f73840ead3ef8893f9331b:/services/api/config/secrets.yml?ds=sidebyside

diff --git a/services/api/config/secrets.yml b/services/api/config/secrets.yml
index 62e1f27cd5..293b93bcdb 100644
--- a/services/api/config/secrets.yml
+++ b/services/api/config/secrets.yml
@@ -11,26 +11,21 @@
 # no regular words or you'll be exposed to dictionary attacks.
 # You can use `rails secret` to generate a secure secret key.
 
-# Make sure the secrets in this file are kept private
-# if you're sharing your code publicly.
-
-# Shared secrets are available across all environments.
+# NOTE that these get overriden by Arvados' own configuration system.
 
 # shared:
 #   api_key: a1B2c3D4e5F6
 
 # Environmental secrets are only available for that specific environment.
 
-development:
-  secret_key_base: 5b710df613166e048853346d14a1837593db4463b5a778a0b747346d4758a0b4fce9f136c3063f37d92def51917fd42d137f94190de2262ebf3fe25c1f16748a
-
-test:
-  secret_key_base: 52392a8314cf1d49f2a81478541578e9be2db70d2be0047492d5ce6b7c7234303e01ff8742fc4c90775fa1fbee2dc3e85d7ecb17a50c36e2b0e29943f82d0804
+# development:
+#   secret_key_base: <%= rand(1<<255).to_s(36) %>
 
-# Do not keep production secrets in the unencrypted secrets file.
-# Instead, either read values from the environment.
-# Or, use `bin/rails secrets:setup` to configure encrypted secrets
-# and move the `production:` environment over there.
+# test:
+#   secret_key_base: <%= rand(1<<255).to_s(36) %>
 
+# In case this doesn't get overriden for some reason, assign a random key
+# to gracefully degrade by rejecting cookies instead of by opening a
+# vulnerability.
 production:
-  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
+  secret_key_base: <%= rand(1<<255).to_s(36) %>