Use secret_key_base as paperclip hash_secret

Question

Rails 4 declares in config/secrets.yml constants secret_key_base for "verifying the integrity of signed cookies". Theses are 128 characters (0..f) long.

Paperclip (file management) can use :hash_secret option to encode accessibles file names. https://github.com/thoughtbot/paperclip/wiki/Hashing

Is there a good idea to use secret_key_base as Paperclip hash ? It seems to be a good solution, because it is complexe enough, it's not in project's commits, and have one per environment.

Declare 2 variables in secrets.yml will looks like :

development:
  secret_key_base: 73512
  secret_key_asset: 123456

test:
  secret_key_base: 3dde2
  secret_key_asset: 789456

production:
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
  secret_key_asset: <%= ENV["SECRET_KEY_ASSET"] %>

... Seems to complicated for nothing for me.

Regards

Answer 1

According to this excerpt from the Paperclip Wiki it would appear that secret_key_base is fine.

# config/initializers/paperclip_defaults.rb

Paperclip::Attachment.default_options.update({
  url: "/system/:class/:attachment/:id_partition/:style/:hash.:extension",
  hash_secret: Rails.application.secrets.secret_key_base
})

You can use a different secret key for Paperclip, but it's probably unnecessary for most projects.