Rails Secret Key Base

Description

General
Documentation: https://guides.rubyonrails.org/security.html#custom-credentials
Summary: Ruby on Rails is a web framework written in Ruby. By default, Rails encrypts secrets before storing them in a credentials.yml.enc file. Alternatively, these secrets can be stored in a secrets.yml file. This detector focuses on catching the production secret_key_base in unencrypted files.
Scopes: Different secret_key_base values are associated with different environments. This detector focuses on production keys.

Revoke the secret
To generate a new secret_key_base, use the rake secret command. See complementary documentation here.

Check for suspicious activity
Rails secret key base var
Details
Family: PrivateKey
Category: Private key
High recall: False
Validity check available: False
Minimum number of matches: 1
Occurrences found for one million commits: 2.22
Prefixed: False
PreValidators:
- type: ContentWhitelistPreValidator
  patterns:
  - secret_key_base
Examples
- text: |
    production:
      secret_key_base: "123458bb7ef6402f6a8bcf5d3be54321"
      secret_key: 123458bb7ef6402f6a8bcf5d3be54321
- text: |
    +production:
    +  secret_key_base: "123458bb7ef6402f6a8bcf5d3be54321"
       secret_key: 123458bb7ef6402f6a8bcf5d3be54321
- text: |
    -staging:
    -  secret_key_base: "123458bb7ef6402f6a8bcf5d3be54321"
       secret_key: 123458bb7ef6402f6a8bcf5d3be54321
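The following is an added illustration of the detection logic this page describes (keyword pre-validation on secret_key_base, scoping to the production block, skipping the encrypted credentials.yml.enc file); it is not GitGuardian's detector code. The sample inputs are constructed to mirror the examples above, the hex values are placeholders, the 32-hex-digit minimum length and the handling of diff markers are assumptions, and the fourth sample shows the Rails default of reading the key from ENV, which must not be reported.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed samples modelled on the page's examples; the hex strings are
# placeholders, not real keys.
SAMPLE_PLAIN = """production:
  secret_key_base: "123458bb7ef6402f6a8bcf5d3be54321"
  secret_key: 123458bb7ef6402f6a8bcf5d3be54321
"""
SAMPLE_DIFF_ADDED = """+production:
+  secret_key_base: "123458bb7ef6402f6a8bcf5d3be54321"
   secret_key: 123458bb7ef6402f6a8bcf5d3be54321
"""
SAMPLE_DIFF_STAGING = """-staging:
-  secret_key_base: "123458bb7ef6402f6a8bcf5d3be54321"
   secret_key: 123458bb7ef6402f6a8bcf5d3be54321
"""
# Rails' default secrets.yml reads the production key from the environment;
# there is no literal key here, so nothing should be reported (constructed).
SAMPLE_ENV_REF = """production:
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
"""


class Finding(NamedTuple):
    environment: str
    line_no: int
    value: str


# Top-level environment block such as "production:" (no indentation).
ENV_RE = re.compile(r"^(\w+):\s*$")
# Indented secret_key_base holding a literal hex value. The 32-digit minimum is
# an assumption that fits the page's examples; real Rails keys are longer.
KEY_RE = re.compile(r'^\s+secret_key_base:\s*["\']?([0-9a-fA-F]{32,})["\']?\s*$')


def prevalidate(text: str) -> bool:
    """ContentWhitelistPreValidator: only scan content containing the keyword."""
    return "secret_key_base" in text


def strip_diff_marker(line: str) -> str:
    """Drop a leading unified-diff marker so added, removed and context lines
    are all inspected (a removed secret has still been exposed in history)."""
    return line[1:] if line[:1] in "+- " else line


def find_production_secret_key_base(text: str) -> List[Finding]:
    """Return literal secret_key_base values found under the production block."""
    if not prevalidate(text):
        return []
    findings: List[Finding] = []
    env: Optional[str] = None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = strip_diff_marker(raw)
        env_match = ENV_RE.match(line)
        if env_match:
            env = env_match.group(1)  # track which environment block we are in
            continue
        key_match = KEY_RE.match(line)
        if key_match and env == "production":
            findings.append(Finding(env, line_no, key_match.group(1)))
    return findings


def scan_file(path: str, text: str) -> List[Finding]:
    """Skip Rails' encrypted credentials file; the detector targets plaintext only."""
    if path.endswith(".yml.enc"):
        return []
    return find_production_secret_key_base(text)


if __name__ == "__main__":
    for name, sample in [("plain", SAMPLE_PLAIN), ("diff-added", SAMPLE_DIFF_ADDED),
                         ("diff-staging", SAMPLE_DIFF_STAGING), ("env-ref", SAMPLE_ENV_REF)]:
        print(name, find_production_secret_key_base(sample))
```

Running the block reports a finding on line 2 for the plain and added-diff samples, nothing for the staging block (out of scope for this detector) and nothing for the ENV-interpolated value.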