by maxk42 4773 days ago
Yes, but any application running under the same UID can get the secret token -- or it can be grabbed from whatever file sets up the environment. This isn't necessarily an improvement in security and is probably a step backwards. It's more helpful to make sure you don't allow secret_token.rb into the repo than it is to make sure the token gets loaded from the environment.