secret.yml public

[asmega]

If this project is open source you may wish to not publicise the secrets.yml config file when we want to actually deploy this project.

https://github.com/moneyadviceservice/frontend/blob/master/config/secrets.yml

Otherwise for example it is possible to modify the cookie contents without the server knowing it has been tampered with.

[modsognir]

👍 Let's set it in puppet instead

[andrewgarner]

Agreed. This will get addressed in due course to pull in configuration from a private source.