Devise secret key is in source control
jimbert opened this issue · 1 comments
jimbert commented
I was flipping through the source and noticed that we have the devise secret key committed to source control. This should be extracted as an environment variable.
apex-omontgomery commented
Thank you, it looks like we had config/secrets.yml set but I'm uncertain if the device config or the secrets.yml would win in production.
The prod version of the secret key was different than the value in config anyways.