No error raised when key is missing
Just started a new Rails (5.2) API app using Knock and copied some setup from an existing project. Couldn't get it to work, I got a TypeError (no implicit conversion of nil into String): from jwt (1.5.6) lib/jwt.rb:80:in 'digest'.
When my brain caught up I realised that I had not set a secret_key_base in config/secrets.yml. Adding one solved the problem but it would have been even better if Knock warned us if we are trying to run without keys :)
Thanks for a great gem.
@d-Pixie add this line in config/initializers/knock.rb
config.token_secret_signature_key = -> { Rails.application.credentials.fetch(:secret_key_base) }
I agree that it would be nice if the lib would check that it's not nil, I was similarly confused. Also, I think it's supposed to be Rails.application.secret_key_base, otherwise I'm pretty sure you'll wind up using the same key in dev and test as you do in prod.
We can see that it will choose a different value for test and dev, and will allow for environment variable overriding in production, but then fall back to the credentials.secret_key_base suggested above:
https://github.com/rails/rails/blob/d7f48c9c39befaf23ccd63e0248a3bd5bf295ee5/railties/lib/rails/application.rb#L428-L436
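An added example, not part of the thread and not Knock's or ruby-jwt's code: a fail-fast check of the kind requested above, shown next to the unguarded HMAC call that produces the bare TypeError. The names `resolve_signing_key`, `MissingSigningKeyError`, `hs256`, `attempt` and the 32-byte minimum are assumptions made for this sketch; the key source is a lambda because that is how the initializer line above supplies it.

```ruby
require "openssl"

# Hypothetical error class for this sketch; Knock does not define it.
class MissingSigningKeyError < StandardError; end

# Assumption: reject keys shorter than the SHA-256 output size (32 bytes).
MIN_KEY_BYTES = 32

# Resolve the configured key (a lambda or a plain value) and raise an
# actionable error at boot instead of a TypeError on the first token.
def resolve_signing_key(source)
  key = source.respond_to?(:call) ? source.call : source
  if key.nil? || key.to_s.strip.empty?
    raise MissingSigningKeyError,
          "token signing key is not set; define secret_key_base for this environment"
  end
  key = key.to_s
  if key.bytesize < MIN_KEY_BYTES
    raise MissingSigningKeyError,
          "token signing key is #{key.bytesize} bytes; need at least #{MIN_KEY_BYTES}"
  end
  key
end

# Plain HMAC-SHA256 with the standard library, standing in for the
# signing step of an HS256 token.
def hs256(key, data)
  OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha256"), key, data)
end

# Run a block and report :ok or the class name of the error it raised.
def attempt
  yield
  :ok
rescue StandardError => e
  e.class.name
end

CONSTRUCTED_KEY = "k" * 64   # constructed sample value, not a real secret
UNSET_KEY = -> { nil }       # what the lambda yields when no key is configured

if __FILE__ == $PROGRAM_NAME
  puts attempt { hs256(UNSET_KEY.call, "header.payload") }                       # unguarded
  puts attempt { hs256(resolve_signing_key(UNSET_KEY), "header.payload") }       # guarded
  puts attempt { hs256(resolve_signing_key(-> { CONSTRUCTED_KEY }), "header.payload") }
end
```

Calling `resolve_signing_key` once from the initializer moves the failure to application start, where the message names the missing setting.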