diff --git a/.env.example b/.env.example index 0a8c05d6..eea8055d 100644 --- a/.env.example +++ b/.env.example @@ -1,8 +1,6 @@ RAILS_ENV=production -SECRET_KEY_BASE= IMAP_SERVER= DEFAULT_FROM= -DEVISE_PEPPER= SKEL_SUTTY=https://0xacab.org/sutty/skel.sutty.nl SUTTY=sutty.nl REDIS_SERVER= diff --git a/.gitignore b/.gitignore index 5cf7616d..b89536cd 100644 --- a/.gitignore +++ b/.gitignore @@ -27,3 +27,7 @@ /data/* .env + +# Ignore master key for decrypting credentials and more. +/config/master.key +/config/credentials.yml.enc diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index e3dce7c2..fe8d487f 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -127,7 +127,7 @@ Devise.setup do |config| config.stretches = Rails.env.test? ? 1 : 11 # Set up a pepper to generate the hashed password. - config.pepper = ENV['DEVISE_PEPPER'] + config.pepper = Rails.application.credentials.devise_pepper # Send a notification to the original email when the user's email is # changed. diff --git a/config/secrets.yml b/config/secrets.yml deleted file mode 100644 index aead418f..00000000 --- a/config/secrets.yml +++ /dev/null @@ -1,32 +0,0 @@ -# Be sure to restart your server when you modify this file. - -# Your secret key is used for verifying the integrity of signed cookies. -# If you change this key, all old signed cookies will become invalid! - -# Make sure the secret is at least 30 characters and all random, -# no regular words or you'll be exposed to dictionary attacks. -# You can use `rails secret` to generate a secure secret key. - -# Make sure the secrets in this file are kept private -# if you're sharing your code publicly. - -# Shared secrets are available across all environments. - -# shared: -# api_key: a1B2c3D4e5F6 - -# Environmental secrets are only available for that specific environment. - -development: - secret_key_base: 18809d32b6661e906759535c3de06955d0eb551a83de5639f1ca4f0375bafd9653b818c4b881942e5cd5cc8da265617c9164fdb63b9f491d4481036c3d23e677 - -test: - secret_key_base: 95f26bd27ca88acb1f0d8d207fa5e60ae7dc56463774990c4acb938110af035690c929f844eaa97cc9a06b67f44631663f40c927b19c706dcccf629143550a2f - -# Do not keep production secrets in the unencrypted secrets file. -# Instead, either read values from the environment. -# Or, use `bin/rails secrets:setup` to configure encrypted secrets -# and move the `production:` environment over there. - -production: - secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>