by thibaut_barrere 4909 days ago
Sharing a few thoughts:

- having a per-machine key auto-generated will not work properly with PaaS (such as Heroku, DotCloud etc), especially if you have N machines behind a load-balancer. In that case they need to share the key, so a Heroku production variable or similar will have to be used instead.

- I believe we (Rails users) should at least move away from having a hard-coded key in the source by default, and instead generate and deploy it by other ways (such as symlinking like database.yml or PaaS variables), since having it in the source puts an onus on people having access to the source code (such as freelancers/contractors, or other team members without deploy access etc). This should be treated sensitively!

- in today's practice of having the key in the source code, some staging environments would currently also have the same key by default, and sometimes these are less secure or up-to-date compared to the production environment, providing another attack vector maybe.

1 comments

Agreed! We've already had and solved this problem with various config settings (i.e. database.yml). Why is there a big debate about this? The way I see it, the Rails community is already used to dealing with database.yml so it makes sense to extend this same pattern to other sensitive configurations.
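
An added example, not part of either comment above and not Rails' own code: one way to take the session secret from a PaaS config variable or a deploy-placed file (the database.yml pattern) instead of a literal in the source, failing closed when a deployed environment has none. The variable name `SECRET_TOKEN`, the file path and the helper name `resolve_secret_token` are assumptions.

```ruby
require "securerandom"

# Rails refuses session secrets shorter than 30 characters.
MIN_SECRET_LENGTH = 30

class MissingSecretError < StandardError; end

# env:         hash-like environment (ENV in a real app)
# secret_file: file placed by the deploy, e.g. a symlink into a shared
#              directory like database.yml (hypothetical path), or nil
# rails_env:   name of the running environment
def resolve_secret_token(env:, secret_file:, rails_env:)
  # 1. PaaS config variable: every dyno/instance behind the load balancer
  #    sees the same value, so cookies signed by one verify on another.
  token = env["SECRET_TOKEN"].to_s.strip

  # 2. Fallback: a file kept out of source control and linked in at deploy.
  if token.empty? && secret_file && File.file?(secret_file)
    token = File.read(secret_file).strip
  end

  if token.empty?
    # A throwaway per-process key is acceptable only where nothing is
    # shared between machines; any deployed environment must be configured.
    return SecureRandom.hex(64) if %w[development test].include?(rails_env)
    raise MissingSecretError, "no secret token configured for #{rails_env}"
  end

  if token.length < MIN_SECRET_LENGTH
    raise MissingSecretError,
          "secret token is shorter than #{MIN_SECRET_LENGTH} characters"
  end
  token
end

# In config/initializers/secret_token.rb (MyApp is a placeholder name):
#   MyApp::Application.config.secret_token = resolve_secret_token(
#     env: ENV,
#     secret_file: Rails.root.join("config", "secret_token").to_s,
#     rails_env: Rails.env
#   )
```

Giving staging and production different values of the variable keeps a leaked staging key from signing cookies that production accepts.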