<p>In another Rails project I work on, we have a secret in secret_token.rb, but also check for an override file. This allows things to work out-of-the-box when developing, but in production the secret token is overridden.</p>

<p><a href="https://github.com/cyclestreets/toolkit/blob/master/config/initializers/secret_token.rb">https://github.com/cyclestreets/toolkit/blob/master/config/initializers/secret_token.rb</a></p>

<p>Here's a Chef recipe for creating the secret token:</p>

<p><a href="https://github.com/cyclestreets/toolkit-chef/blob/master/cookbooks/toolkit/recipes/default.rb#L182">https://github.com/cyclestreets/toolkit-chef/blob/master/cookbooks/toolkit/recipes/default.rb#L182</a></p>

<p>OSM uses Chef, but might have to do things differently so that all the front-ends share the same secret token. Unless, of course, this is already taken care of by the OSM Chef scripts!</p>

<p>In any case, we should probably update the README to suggest changing it when you're making your own installation.</p>

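<p>A sketch of the override-file pattern described in the comment above, as an added example that is not part of the original comment and is not the code in either linked repository. The helper names, the placeholder default and the fail-closed behaviour in production are assumptions made for illustration.</p>

```ruby
require "securerandom"

# Constructed placeholder standing in for the development secret that is
# committed to the repository so a fresh checkout works out-of-the-box.
DEV_DEFAULT_SECRET = "development-only-secret-do-not-use-in-production"

# Rails rejects secret tokens shorter than 30 characters.
MIN_SECRET_LENGTH = 30

# Hypothetical helper: choose the secret token for this process.
# An override file always wins. Without one, development falls back to the
# committed default, while production refuses to start (an assumption added
# here) rather than silently signing cookies with a publicly known value.
def resolve_secret_token(env:, override_path:)
  if File.exist?(override_path)
    token = File.read(override_path).strip
    if token.length < MIN_SECRET_LENGTH
      raise ArgumentError, "override secret in #{override_path} is too short"
    end
    return token
  end
  raise "no override secret at #{override_path} in production" if env == "production"
  DEV_DEFAULT_SECRET
end

# Hypothetical provisioning step, playing the role of the Chef recipe.
# It is idempotent: an existing secret is never regenerated, because a new
# value would invalidate every session signed with the old one.
# Returns true if a secret was created, false if one was already present.
# Run per host, this yields a different secret on each front-end, so a
# multi-front-end deployment has to distribute one shared value instead.
def provision_secret(override_path)
  return false if File.exist?(override_path)
  # EXCL fails rather than overwriting if another process created the file
  # in the meantime; 0600 keeps the secret readable by the owner only.
  File.open(override_path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    f.write(SecureRandom.hex(64))
  end
  true
end
```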