Missing secret token, secret key base when running my application in production

Question

I work with Rails 4 and Ruby 2.1 and sorry but I am working on Windows

I have read a lot about this topic "Missing secret token, secret key base" but actually I do not understang anything.

I do not use Heroku, Git, Puma, Passenger or everything else I've read. I just thought I could instead of running rails s as usual run rails s -e production and see what is the version of my web application in production.

But I have the error "Missing secret_token and secret_key_base for production environment, set these values in config/secrets.yml"

I read about solutions using openSSL, export SECRET_KEY_BASE=<the long string> but I do understand the solutions.

I thought it was a problem related to the system of connection by password I settled thanks to Rails tutorial of Micheal Hartl. So disabled SSL connection. But nothing change.

This is my config/secrets.yml :

production:
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>

Can someone explain how to concretely solve this issue ?

Answer 1

GDMN I am sorry that everyone gave you such poor explanations and instructions. Ok onto it then, shall we......

First everyone is right you no longer need "secret_token", you do however need "secret_key_base". What this does is it secures your visitors connection and keeps your system and app more secure. That is a simple explanation but all you need to worry about at the beginners level.

Second the ENV stands for "Environment Variable" they are used in all operating systems and they refer to variables on the OS level that hold information that you do not want to be accessible t someone trying to gain access to your site. For instance in Ruby On Rails if you HARD CODE the secrety_token_base string/hash then I hacker can gain access by using your security_token against you. I have seen this happen and it is not pretty, if the individual is skilled enough then they can gain access to even your root/admin account.

Now on to setting it all up. I only know the linux way and I know you are looking for the windows method but this should at least give you an understanding to seek out the information relevant to your operating system.

First thing you would need to do is generate your secret_token_base by running

bundle exec rake secret

To my knowlege this is the way you do it in all Operating Systems. After you run the above command the console will return a string and you would need to copy it. Once copied you would run the following command:

export SECRET_KEY_BASE=WhatYouJustCopied

Then we would check to make sure the Environment Variable SECRET_KEY_BASE is set by running:

env | grep -E "SECRET_TOKEN|SECRET_KEY_BASE"

If you do not have SECRET_TOKEN set you will only get the KEY_BASE.

If you want to learn more in depth information please visit this link it may be a little dated but most of it is still relevant and conceptually it is the same. I wish you luck on your new found ROR Adventure! It is fun once you get the hang of it!