Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Every new Play app gets a new application secret generated into its config file.
application.secret=asdfadsfdasf
I’m developing an open source app that will be deployed on Heroku. How can I keep the app secret a secret (e.g. no commit it into source control)?
Where exactly is the app secret used? Perhaps for my limited purposes I don’t really have to keep it a secret?
You can externalize the secret as an environment variable.
In
conf/application.confSimply replacewith
and then set this config var in Heroku with:
Now you can manage secrets on a per-app basis and avoid checking them into version control.