secret.yml public
asmega opened this issue · 2 comments
asmega commented
If this project is open source you may wish to not publicise the secrets.yml config file when we want to actually deploy this project.
https://github.com/moneyadviceservice/frontend/blob/master/config/secrets.yml
Otherwise, for example, it is possible to modify the cookie contents without the server knowing it has been tampered with.
modsognir commented
👍 Let's set it in puppet instead
andrewgarner commented
Agreed. This will get addressed in due course to pull in configuration from a private source.
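
Added example, not part of the thread or the project's code: a Ruby check that flags values committed as literals in a Rails-style `secrets.yml` outside local environments, so the file in the repository carries only `ENV` lookups. `hardcoded_secrets` is a hypothetical helper, and the environment names, keys and values in the sample are constructed.

```ruby
require "yaml"

ENV_MARKER = "__FROM_ENV__"               # stands in for any <%= ... %> ERB tag
LOCAL_ENVS = %w[development test].freeze  # assumption: only these may hold literals

# Returns ["env.key", ...] for every secret committed as a literal value.
def hardcoded_secrets(raw_yaml, local_envs: LOCAL_ENVS)
  # Replace ERB output tags without evaluating them, so the file is never executed.
  templated = raw_yaml.gsub(/<%=.*?%>/m, ENV_MARKER)
  config = YAML.safe_load(templated, aliases: true) || {}
  config.flat_map do |env, secrets|
    next [] if local_envs.include?(env) || !secrets.is_a?(Hash)
    # Keep only values that are neither empty nor sourced from an ERB lookup.
    secrets.reject { |_key, value| value.to_s.empty? || value.to_s.include?(ENV_MARKER) }
           .keys.map { |key| "#{env}.#{key}" }
  end
end

# Constructed sample input, not the contents of the project's file.
SAMPLE = <<~YAML
  development:
    secret_key_base: constructed-dev-value-0000
  test:
    secret_key_base: constructed-test-value-0000
  staging:
    secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
  production:
    secret_key_base: constructed-literal-value-0000
    api_token: <%= ENV.fetch("API_TOKEN") %>
YAML

if __FILE__ == $PROGRAM_NAME
  source = ARGV.empty? ? SAMPLE : File.read(ARGV[0])
  hardcoded_secrets(source).each { |f| warn "literal secret in committed file: #{f}" }
end
```

A literal that has already been pushed stays in the repository history, so a value this check flags needs rotating as well as moving out of the file.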