Does Rails 4.2 use secret_token?

I also posted this on StackExchange:

Are both secret_key_base and secret_token needed for production in Rails 4.2? Setting neither causes the following exception message:

Missing secret_token and secret_key_base for ‘production’ environment, set these values in config/secrets.yml

The 4.2 upgrade guide ( says this:

When you create a new Rails application using the rails new command, a unique secret key is generated and written to the config/initializers/secret_token.rb file.

But no such file was created when I generated my app, and there is no reference to secret_token in config/secrets.yml

I’m assuming that the error message is wrong, and that only secret_key_base is needed. When I run my app in production on my dev machine, it starts with just secret_key_base, but in Engineyard, setting secret_key_base (via an environment variable) isn’t working. I still get the error.

Hi John,

This documentation explains how to create secrets.yml.

Just create secrets.yml in app/config and copy the value from app/config/initializers/secret_token.rb.