I also posted this on StackExchange: http://stackoverflow.com/questions/28767059/does-rails-4-2-use-secret-token
Are both secret_key_base and secret_token needed for production in Rails 4.2? Setting neither causes the following exception message:
secret_key_basefor ‘production’ environment, set these values in
The 4.2 upgrade guide (http://railsapps.github.io/updating-rails.html) says this:
When you create a new Rails application using the rails new command, a unique secret key is generated and written to the config/initializers/secret_token.rb file.
But no such file was created when I generated my app, and there is no reference to secret_token in config/secrets.yml
I’m assuming that the error message is wrong, and that only secret_key_base is needed. When I run my app in production on my dev machine, it starts with just secret_key_base, but in Engineyard, setting secret_key_base (via an environment variable) isn’t working. I still get the error.