Storing Secrets

Production secrets are currently stored in ~/.rails/secrets on the server. .rails should be mode 700 and secrets should be mode 600. Capistrano sources secrets whenever the app is deployed, and this makes the secrets available to Rails.

Issue rake secret from within the app directory to generate new secrets, and then replace them in manually in secrets. If you change the database secret, you will also need to update the password for the app_user role (i.e. the database user). We're not currently using a password to access the database because Unicorn doesn't like it; instead, Postgres is set up to allow all local connections to Unix domain sockets. This should be fine since we are not using the server for anything else.