Merge remote-tracking branch 'upstream/pull/1587'

[rails.git] / config / secrets.yml

diff --git a/config/secrets.yml b/config/secrets.yml
index 253f2be62c3bed16feab9ff1d6c8703ab25048d3..4704fad447d9a31b98a3cba7a0caf441bdc4e956 100644 (file)
--- a/config/secrets.yml
+++ b/config/secrets.yml
@@ -5,18 +5,28 @@
 
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
-# You can use `rake secret` to generate a secure secret key.
+# You can use `rails secret` to generate a secure secret key.
 
 # Make sure the secrets in this file are kept private
 # if you're sharing your code publicly.
 
+# Shared secrets are available across all environments.
+
+# shared:
+#   api_key: a1B2c3D4e5F6
+
+# Environmental secrets are only available for that specific environment.
+
 development:
   secret_key_base: 1ce5ed17771b4fdc3f755c5b98459d67816f99ec5889ec2fa7bf2bd3cba3ad5cc453693ce3c5d121669be478fb811136f4f483e6f39ac1f0e34ba66e8acab574
 
 test:
   secret_key_base: 10d52b1bf88c429e73ffbc5e5f58b037db21f38ea88b8b454e55d52ed8bcc6e7fe3b48a79b2f36eb78a4685224d707767d083f79c51f7d81a9d4a06d1c1e2534
 
-# Do not keep production secrets in the repository,
-# instead read values from the environment.
+# Do not keep production secrets in the unencrypted secrets file.
+# Instead, either read values from the environment.
+# Or, use `bin/rails secrets:setup` to configure encrypted secrets
+# and move the `production:` environment over there.
+
 production:
   secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>