How to set conn.secret_key_base in a Phoenix application

Question

I'm getting the following error in my Phoenix application:

cookie store expects conn.secret_key_base to be set

It appears to be coming from the |> redirect(to: session_path(conn, :new)) line of this authenticate function in my PostController module:

  defp authenticate(conn, _opts) do
    if conn.assigns.current_user do
      conn
    else
      conn
      |> put_flash(:error, "You must be signed in to post a project.")
      |> redirect(to: session_path(conn, :new))
      |> halt()
    end
  end  

Obviously this error means that conn.secret_key_base needs to be set.

Where and how do I set this value?

Answer 1

This should be specified by default when you create your phoenix application:

https://github.com/phoenixframework/phoenix/blob/2861f0db3df3d81ee6ce79f928ef4e0b439c4dcd/installer/templates/new/config/config.exs#L16

If this config is missing for you, put the following in config/config.exs:

config :my_app, MyApp.Endpoint,
  secret_key_base: "some_secret",

You can use the mix phx.gen.secret task to generate the value you should use instead of "some_secret".

Answer 2

You set this in config/prod.secret.exs . Note that this shouldn't go into your version control since it is supposed to be secret.

# config/prod.secret.exs

use Mix.Config

config :trope_api, MyApp.Endpoint,
  secret_key_base: "SOMEVERYLONGSTRING"

This file is included in config/prod.exs at the bottom

# config/prod.exs

# Finally import the config/prod.secret.exs
# which should be versioned separately.
import_config "prod.secret.exs"

An other approach than to just keep it out of your version control system would be to use environment variables to set it when you start your app.

You can access them in your app like this:

# config/prod.exs

# Just a test vaule for env variables
config :my_app, MyApp,
  test_value: System.get_env("TESTCONFIG")

And then set them when starting your server

$ PORT=4001 MIX_ENV=prod TESTCONFIG=testvalue mix phoenix.server

If you want to use this during development as well, you could export the variables to your shell. Or just create a file named .env (or whatever you like) in your project root and add it to your .gitignore. There you add your environment variables, like so:

export TESTCONFIG="Test Config Value"
export OTHERTESTCONFIG="Other Test Config Value"

When starting a new terminal session, just quickly run source .env inside your project folder. This is also useful for database credentials. This way they stay out of version control and more importantly are not hardcoded. So when you work in a team, everyone can have their own .env file with the correct values for their local development setup (db etc.)

When deploying an app into production, you can use .env files on your server or in your container for an easier but secure start.