Heroku Config Secret Key Base Error

Question

Just pushed my first app to Heroku using Git and straight away got an Interanl Server Error.

You must set config.secret_key_base in your app's config.

This is because on my .gitignore file the following file is included:

config/initializers/secret_token.rb

I am using a standard template for my .gitignore file found here: https://github.com/github/gitignore/blob/master/Rails.gitignore

My Question: Should I set this key via Heroku directly for added security and if so how?

OR

should I just remove this line from my .gitignore file?

Answer 1

In addition to setting the secret token as an ENV variable on Heroku, as outlined by Nick Ginanto, you also need the following to make this work.

Remove the config/initializers/secret_token.rb from .gitignore

Change the line in this file to:

MyApp::Application.config.secret_token = ENV['SECRET_TOKEN'] 

This will then pick up the secret token you have set with Heroku's config vars.

In order for the token to be picked up in your local environment you will need to add it. There are a number of options here but the one closest to Heroku is to use the foreman gem along with a .env file in your project root. The .env will need to have the secret_token

SECRET_TOKEN=NKUd7gisd7fueAISDfg.... 

You can use the rake secret command to generate tokens. Make sure your .env file is added to .gitignore.

With all this in place you will have different tokens for Heroku and local and your token will not be in your source control.