Problem
After using Brakeman to test for security issues in your Rails application, you get the following warning about the config/initializers/secret_token.rb file:
Session secret should not be included in version control near line xx
Solution
Since you may have already pushed the original secret_token.rb to your version control, you may need to do the following.
- Make a copy of the file: cp config/initializers/secret_token.rb config/initializers/copy_of_secret_token.rb
- Delete the original file, which is also in your version control: rm config/initializers/secret_token.rb
- Add it to .gitignore
- Commit your changes and push to your version control: git commit -a -m "remove secret token and include it in .gitignore", then git push (origin master)
- Create a new secret key by running: rake secret (the old value remains in the repository history, so it should no longer be used)
- Copy the value from the previous step into the file config/initializers/copy_of_secret_token.rb, replacing the original value of config.secret_key_base
- Rename the file to secret_token.rb again: mv config/initializers/copy_of_secret_token.rb config/initializers/secret_token.rb
- Check that the new file is not listed in git when you run: git status
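The final check can be scripted so that it also confirms the file is ignored and the key was actually regenerated. This is an added example, not part of the original post. The function names are hypothetical, and it assumes git is installed and that the file sets config.secret_key_base as described above.

```shell
#!/bin/sh
# Added example (not from the original post): checks the result of the
# procedure above. Usage after sourcing: check_secret_file /path/to/rails/app
SECRET_FILE="config/initializers/secret_token.rb"

# 0 when the file is no longer in the git index (untracked).
secret_untracked() {
    ! git -C "$1" ls-files --error-unmatch -- "$SECRET_FILE" >/dev/null 2>&1
}

# 0 when a .gitignore rule matches the file (tracked files never match).
secret_ignored() {
    git -C "$1" check-ignore -q -- "$SECRET_FILE"
}

# Prints how many commits touched the file; old copies stay retrievable from them.
history_commits() {
    git -C "$1" log --all --oneline -- "$SECRET_FILE" 2>/dev/null | wc -l | tr -d ' '
}

# 0 when the secret_key_base value in the working copy appears in no committed
# version of the file, i.e. the key really was regenerated.
secret_rotated() {
    value=$(sed -n "s/.*secret_key_base *= *['\"]\([^'\"]*\)['\"].*/\1/p" \
        "$1/$SECRET_FILE" 2>/dev/null | head -n 1)
    [ -n "$value" ] || return 1          # no file or no value: cannot confirm
    revs=$(git -C "$1" rev-list --all -- "$SECRET_FILE")
    [ -n "$revs" ] || return 0           # file was never committed
    ! git -C "$1" grep -q -F -e "$value" $revs -- "$SECRET_FILE"
}

# Runs all checks, prints one line per finding, returns non-zero on any failure.
check_secret_file() {
    repo="${1:-.}"; rc=0
    secret_untracked "$repo" || { echo "FAIL: $SECRET_FILE is still tracked"; rc=1; }
    secret_ignored "$repo" || { echo "FAIL: $SECRET_FILE is not ignored"; rc=1; }
    secret_rotated "$repo" || { echo "FAIL: current secret is in git history"; rc=1; }
    n=$(history_commits "$repo")
    if [ "$n" -gt 0 ]; then
        echo "NOTE: $n commit(s) touched $SECRET_FILE; old values remain in history"
    fi
    return $rc
}
```

The NOTE line is expected after following the steps above: deleting the file does not rewrite earlier commits, which is why the key has to be regenerated.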