Heroku Config Secret Key Base Error

Question

Just pushed my first app to Heroku using Git and straight away got an Interanl Server Error.

You must set config.secret_key_base in your app\'s config.

Answer 1

Set it as a Heroku environment variable, & provide a fallback for development

Remove the hardcoded secret, check the secret initialiser into version control, set an environment variable on Heroku, and provide a fallback for development and stage.

1. Remove the hardcoded secret, and optionally provide a fallback:

Edit your config/initializers/secure_random.rb to remove the hardcoded secret for production. Optionally include a fallback for non-production environments if you'd rather not change the way you start your server.

secret = Rails.env.production? ? ENV['SECRET_TOKEN'] : "top_secret_token"
YourApp::Application.config.secret_key_base = secret

2. Check config/initializers/secure_random.rb into git

Edit .gitignore and remove the line:

config/initializers/secret_token.rb

Now commit the file.

3. Set the secret key for Heroku

Run:

rake secret

to generate a random alphanumeric string. I like to make doubly sure by mixing the key up a little by hand as well, just in case a future weakness is discovered in the key generation algorithm, as happened for Debian not so long ago. Probably this is unnecessary.

Next run:

heroku config:set SECRET_TOKEN=paste_random_string_here

to set the secret as a Heroku environment variable. Deploy to Heroku and you're done.