From 44f20f7c3907d500adde0edc87c90b2cd339acea Mon Sep 17 00:00:00 2001
From: Azul <azul@riseup.net>
Date: Wed, 22 Mar 2017 10:10:16 +0100
Subject: webapp: add secret_key_base to config

This replaces the secret_token from rails 4.1 on.

Both are used for securing cookies in the browser. The secret_key_base
will also encrypt the cookies while the token will only sign them.

Keeping the token in there for now allows us to migrate existing sessions
/ cookies to the new secrets. We can remove it in the next version once
all providers have run with secret_key_base for a while.
---
 puppet/modules/site_webapp/templates/config.yml.erb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'puppet/modules/site_webapp/templates/config.yml.erb')

diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb
index dd55d3e9..1a802f4c 100644
--- a/puppet/modules/site_webapp/templates/config.yml.erb
+++ b/puppet/modules/site_webapp/templates/config.yml.erb
@@ -8,6 +8,7 @@ production = {
   "force_ssl" => @webapp['secure'],
   "client_ca_key" => "%s/%s.key" % [scope.lookupvar('x509::variables::keys'), scope.lookupvar('site_config::params::client_ca_name')],
   "client_ca_cert" => "%s/%s.crt" % [scope.lookupvar('x509::variables::local_CAs'), scope.lookupvar('site_config::params::client_ca_name')],
+  "secret_key_base" => @secret_key_base,
   "secret_token" => @secret_token,
   "client_cert_lifespan" => cert_options['life_span'],
   "client_cert_bit_size" => cert_options['bit_size'].to_i,
-- 
cgit v1.2.3