The Rails 7 new_framework_defaults_7_0.rb file instructs to add some code for registering a cookie rotator (below). Should this code be executed a single time e.g. in a one-off rake task, or executed in an initializer at each application boot? (And in the latter case should it be enclosed in an after_initialize block as suggested here?)
Rails.application.config.action_dispatch.cookies_rotations.tap do |cookies|
salt = Rails.application.config.action_dispatch.authenticated_encrypted_cookie_salt
secret_key_base = Rails.application.secrets.secret_key_base
key_generator = ActiveSupport::KeyGenerator.new(
secret_key_base, iterations: 1000, hash_digest_class: OpenSSL::Digest::SHA1
)
key_len = ActiveSupport::MessageEncryptor.key_len
secret = key_generator.generate_key(salt, key_len)
cookies.rotate :encrypted, secret
end
Question also posted on StackOverflow.