Rails Master Key
Description
General
- Documentation: https://guides.rubyonrails.org/security.html#custom-credentials
- Summary: Ruby on Rails is a web framework written in Ruby. By default, Rails encrypt secrets before storing them in a
credentials.yml.encfile. This file contains at least thesecret_key_baseof the application that is used to encrypt cookies as well as any other secret useful to the application such as API keys. To encrypt thecredentials.yml.encfile, Rails uses a key stored in amaster.keyfile. This detector focuses on catching this master key.
Revoke the secret
If it does not exist yet, the master.key file is created when the credentials file is edited with the command bin/rails credentials:edit. This is a good way to generate a new master key.
Details for Rails Master Key Assignment
-
Family: cryptographic_key
-
Category: private_key
-
High recall: False
-
Validity check available: False
-
Analyzer available: False
-
Minimum number of matches: 1
-
Occurrences found for one million commits: very rare
-
Prefixed: False
Details for Rails Master Key
-
Family: cryptographic_key
-
Category: private_key
-
High recall: False
-
Validity check available: False
-
Analyzer available: False
-
Minimum number of matches: 1
-
Occurrences found for one million commits: 3.68
-
Prefixed: False
