This commit is contained in:
@@ -0,0 +1,17 @@
|
||||
# frozen_string_literal: true
|
||||
# NOTE:
|
||||
# RailsGoat intentionally uses an insecure approach for key management.
|
||||
# This is done to demonstrate bad practices for educational purposes.
|
||||
#
|
||||
# In real-world Rails applications:
|
||||
# - Rails 5.1 supports encrypted secrets via config/secrets.yml
|
||||
# - Rails 5.2+ supports encrypted credentials via credentials.yml.enc
|
||||
# - Secrets are commonly provided via environment variables (ENV)
|
||||
#
|
||||
# Hardcoding keys or omitting secure secret management must NEVER be done
|
||||
# in production applications.
|
||||
if Rails.env.production?
|
||||
# Specify env variable/location/etc. to retrieve key from
|
||||
else
|
||||
KEY = "123456789101112123456789101112123456789101112"
|
||||
end
|
||||
Reference in New Issue
Block a user