Avoid Devise hitting secrets when looking for key

By default Devise uses its internal SecretKeyFinder library to look up for the "secret_key_base" value. Looking for the secrets is deprecated, and raises warnings as metioned in this issue: heartcombo/devise#5644 The solution is to configure Devise to directly take the secret_key_base from the Rails application config.
DFE-Digital · Nov 30, 2023 · 4238c53 · 4238c53
1 parent 94a1b5b
commit 4238c53
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
@@ -12,7 +12,7 @@
   # confirmation, reset password and unlock tokens in the database.
   # Devise will use the `secret_key_base` as its `secret_key`
   # by default. You can change it below and use your own secret key.
-  # config.secret_key = 'b5218e6e7ad3bc9c848548a018081ec533c780d875c736798353c0d08edb287daa99e33ad6921a88d6099dea52f78917a37a783373efb9d279796f787b094cc2'
+  config.secret_key = Rails.application.secret_key_base
 
   # ==> Controller configuration
   # Configure the parent class to the devise controllers.