Rails session secret should not be in a public repository.
2013-05-24
You can move the rails session secret to an environment variable by
modifying config/initializers/secret_token.rb
like this:
MyApp::Application.config.secret_token = ENV[‘RAILS_SESSION_SECRET’]
Given that you have the pwgen
utility installed you can start your rails
server in your development environment this way:
% RAILS_SESSION_SECRET=`pwgen -cns 128` rails server