apex-omontgomery
commented
5 years ago Thank you, it looks like we had config/secrets.yml set but I'm uncertain if the device config or the secrets.yml would win in production.
The prod version of the secret key was different than the value in config anyways.
I was flipping through the source and noticed that we have the devise secret key committed to source control. This should be extracted as an environment variable.
https://github.com/OperationCode/operationcode_backend/blob/5df843a43619738df7900969b59c6edb009966bd/config/initializers/devise.rb#L9