X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/fd5d197916b117386fbe872790ff6493326c4ea2..74fec3cd8284eae4829dad2c287588d52c621c4b:/apps/workbench/config/secrets.yml?ds=sidebyside
diff --git a/apps/workbench/config/secrets.yml b/apps/workbench/config/secrets.yml
index bc8a0d0de5..57399082e8 100644
--- a/apps/workbench/config/secrets.yml
+++ b/apps/workbench/config/secrets.yml
@@ -11,16 +11,16 @@
 # no regular words or you'll be exposed to dictionary attacks.
 # You can use `rails secret` to generate a secure secret key.
 
-# Make sure the secrets in this file are kept private
-# if you're sharing your code publicly.
+# NOTE that these get overriden by Arvados' own configuration system.
 
-development:
- secret_key_base: 33e2d171ec6c67cf8e9a9fbfadc1071328bdab761297e2fe28b9db7613dd542c1ba3bdb3bd3e636d1d6f74ab73a2d90c4e9c0ecc14fde8ccd153045f94e9cc41
+# development:
+# secret_key_base: <%= rand(1<<255).to_s(36) %>
 
-test:
- secret_key_base: d4c07cab3530fccf5d86565ecdc359eb2a853b8ede3b06edb2885e4423d7a726f50a3e415bb940fd4861e8fec16459665fd377acc8cdd98ea63294d2e0d12bb2
+# test:
+# secret_key_base: <%= rand(1<<255).to_s(36) %>
 
-# Do not keep production secrets in the repository,
-# instead read values from the environment.
+# In case this doesn't get overriden for some reason, assign a random key
+# to gracefully degrade by rejecting cookies instead of by opening a
+# vulnerability.
 production:
- secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
+ secret_key_base: <%= rand(1<<255).to_s(36) %>
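Review bot: The fallback on the new `production:` line draws its key from `Kernel#rand`, which is Ruby's Mersenne Twister generator rather than a CSPRNG; for cookie-signing material the line should read `secret_key_base: <%= SecureRandom.hex(64) %>` (SecureRandom is normally already loaded in a Rails process, but confirm for this app). Because the ERB is evaluated whenever a process loads its configuration, workers that do not share a preloaded app would each get a different key, so cookies could be rejected intermittently rather than uniformly; a log warning when this fallback is actually in effect would make that state visible to operators. The comment above the key could also say that the value is regenerated on every boot and is never a stable secret. The hex keys removed from `development:` and `test:` remain in repository history, so any instance that ever ran with them should be treated as using a publicly known key.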