Every new Play app gets a new application secret generated into its config file.
application.secret=asdfadsfdasf
I'm developing an open source app that will be deployed on Heroku. How can I keep the app secret a secret (e.g. no commit it into source control)?
Where exactly is the app secret used? Perhaps for my limited purposes I don't really have to keep it a secret?
You can externalize the secret as an environment variable.
In conf/application.conf Simply replace
application.secret=abc123...
with
application.secret=${APP_SECRET}
and then set this config var in Heroku with:
$ heroku config:add APP_SECRET=abc123...
Now you can manage secrets on a per-app basis and avoid checking them into version control.
It looks like that secret is important, but you can generate new ones for production vs development. So for development you could check it into SVN then generate a different one for production.
http://www.playframework.org/documentation/1.0/production
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 爷、活的狠高调 的文章《How to keep the app secret a secret?》','https://www.manongdao.com/article-585371.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}