Rails Secret Key Base
Description
General
- Documentation: https://guides.rubyonrails.org/security.html#custom-credentials
- Summary: Ruby on Rails is a web framework written in Ruby. By default, Rails encrypts secrets before storing them in a credentials.yml.enc file. Alternatively, these secrets can be stored in a secrets.yml file. This detector focuses on catching the production secret_key_base in unencrypted files.
- Scopes: Different secret_key_base values are associated with different environments. This detector focuses on production keys.
Revoke the secret
To generate a new secret_key_base, use the rake secret command. See the complementary documentation here.
Check for suspicious activity
Details for Rails secret key base var
- Family: PrivateKey
- Category: Private key
- High recall: False
- Validity check available: False
- Analyzer available: False
- Minimum number of matches: 1
- Occurrences found for one million commits: 2.22
- Prefixed: False
- PreValidators:

```yaml
- type: ContentWhitelistPreValidator
  patterns:
  - secret_key_base
```
Examples
```yaml
- text: |
    production:
      secret_key_base: "169458cb0ef6432e6d6baf0d6bc44240"
  secret_key: 169458cb0ef6432e6d6baf0d6bc44240
- text: |
    +production:
    +  secret_key_base: "169458cb0ef6432e6d6baf0d6bc44240"
  secret_key: 169458cb0ef6432e6d6baf0d6bc44240
- text: |
    -staging:
    -  secret_key_base: "169458cb0ef6432e6d6baf0d6bc44240"
  secret_key: 169458cb0ef6432e6d6baf0d6bc44240
```
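The following Ruby script is an added example, not GitGuardian's detector code or part of Rails. It mirrors the detection described on this page: a content whitelist pre-filter on the string secret_key_base, YAML parsing of an unencrypted secrets.yml (or of a diff hunk with the +/- markers stripped), and reporting of literal secret_key_base values, with a filter for the production scope. It also treats ERB references such as `<%= ENV["SECRET_KEY_BASE"] %>`, which Rails' default secrets.yml uses, as a reference rather than a leaked value. The sample inputs are constructed inline and reuse the page's own example value; the function names (`prevalidate`, `scan_secrets_yaml`, `production_findings`, `generate_replacement_secret`) are this example's own, and the assumption that `rake secret` prints `SecureRandom.hex(64)` is noted in the code.

```ruby
require 'yaml'
require 'securerandom'

# Pre-filter patterns, mirroring the ContentWhitelistPreValidator listed above.
WHITELIST_PATTERNS = ['secret_key_base'].freeze

# Cheap check run before any parsing: is this text worth scanning at all?
def prevalidate(text)
  WHITELIST_PATTERNS.any? { |pattern| text.include?(pattern) }
end

# Drop the leading unified-diff marker (' ', '+' or '-') from every line so a
# hunk parses as YAML. Removed lines are kept on purpose: a secret that was
# ever committed remains exposed in the repository history.
def strip_diff_markers(text)
  text.lines.map { |line| line.sub(/\A[ +-]/, '') }.join
end

# ERB tags reference a secret held elsewhere (typically an environment
# variable); replace them with a placeholder so they are neither mis-parsed
# nor reported as a literal key.
ERB_PLACEHOLDER = '__erb_reference__'
def neutralise_erb(text)
  text.gsub(/<%.*?%>/m, ERB_PLACEHOLDER)
end

# One finding per environment whose secret_key_base is a literal value.
def scan_secrets_yaml(text, diff: false)
  return [] unless prevalidate(text)
  text = strip_diff_markers(text) if diff
  doc = YAML.safe_load(neutralise_erb(text))
  return [] unless doc.is_a?(Hash)
  doc.filter_map do |environment, settings|
    next unless settings.is_a?(Hash)
    value = settings['secret_key_base']
    next if value.nil? || value.to_s == ERB_PLACEHOLDER
    { environment: environment, secret_key: value.to_s }
  end
end

# The detector on this page reports the production scope only.
def production_findings(text, diff: false)
  scan_secrets_yaml(text, diff: diff).select { |f| f[:environment] == 'production' }
end

# Replacement key for rotation. Assumption: this is what `rake secret` prints
# (Rails' task calls SecureRandom.hex(64)).
def generate_replacement_secret
  SecureRandom.hex(64)
end

# Constructed samples; the key value is the page's own example value.
PLAIN_SAMPLE = <<~YAML
  production:
    secret_key_base: "169458cb0ef6432e6d6baf0d6bc44240"
YAML

DIFF_SAMPLE = <<~DIFF
  +production:
  +  secret_key_base: "169458cb0ef6432e6d6baf0d6bc44240"
DIFF

STAGING_SAMPLE = <<~DIFF
  -staging:
  -  secret_key_base: "169458cb0ef6432e6d6baf0d6bc44240"
DIFF

# Rails' default layout references the environment instead of a literal.
ENV_SAMPLE = <<~YAML
  production:
    secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
YAML

if __FILE__ == $PROGRAM_NAME
  puts "plain:   #{production_findings(PLAIN_SAMPLE).inspect}"
  puts "diff:    #{production_findings(DIFF_SAMPLE, diff: true).inspect}"
  puts "staging: #{production_findings(STAGING_SAMPLE, diff: true).inspect}"
  puts "env ref: #{production_findings(ENV_SAMPLE).inspect}"
  puts "new key: #{generate_replacement_secret}"
end
```

Run it with `ruby scan_secrets.rb`: the first two samples yield a production finding, the staging hunk yields none under the production filter (it is still visible through `scan_secrets_yaml`), and the ERB-based default yields none. After rotating the key with `rake secret`, remember that sessions signed with the old secret_key_base become invalid, which is the intended effect of revocation.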