Add bonus documentation for Rails encrypted secrets
This commit is contained in:
Shiva Chethan Reddy
@@ -1,4 +1,15 @@
|
||||
# frozen_string_literal: true
|
||||
# NOTE:
|
||||
# RailsGoat intentionally uses an insecure approach for key management.
|
||||
# This is done to demonstrate bad practices for educational purposes.
|
||||
#
|
||||
# In real-world Rails applications:
|
||||
# - Rails 5.1 supports encrypted secrets via config/secrets.yml
|
||||
# - Rails 5.2+ supports encrypted credentials via credentials.yml.enc
|
||||
# - Secrets are commonly provided via environment variables (ENV)
|
||||
#
|
||||
# Hardcoding keys or omitting secure secret management must NEVER be done
|
||||
# in production applications.
|
||||
if Rails.env.production?
|
||||
# Specify env variable/location/etc. to retrieve key from
|
||||
else
|
||||
|
||||
Reference in New Issue
Block a user