Rails Secret Key Base
Description
General
- Documentation: https://guides.rubyonrails.org/security.html#custom-credentials
- Summary: Ruby on Rails is a web framework written in Ruby. By default, Rails encrypts secrets before storing them in a
credentials.yml.enc
file. Alternatively, these secrets can be stored in asecrets.yml
file. This detector focuses on catching the productionsecret_key_base
in unencrypted files.
Revoke the secret
To generate a new secret_key_base
, use rake secret
command. See complementary documentation here.
Details for Rails Secret Key Base
-
Family: cryptographic_key
-
Category: private_key
-
High recall: False
-
Validity check available: False
-
Analyzer available: False
-
Minimum number of matches: 1
-
Occurrences found for one million commits: 2.22
-
Prefixed: False