Add secret_key_base config

NEWS.md

@@ -2,7 +2,8 @@ Development
 -----------
 
 ### NOTICES
-- None yet
+- For increased security, it's recommended to update the config to include a `secret_key_base`. You can generate a
+  suitable random key by using `bundle exec rake secret`
 
 ### Features
 * Visualizations backup revamp [#14698](https://github.com/CartoDB/cartodb/issues/14698)

config/app_config.yml.sample

@@ -16,6 +16,8 @@ defaults: &defaults
   http_port:           3000 # nil|integer. HTTP port to use when building urls. Leave empty to use default (80)
   https_port:          # nil|integer. HTTPS port to use when building urls. Leave empty to use default (443)
   secret_token:       '71c2b25921b84a1cb21c71503ab8fb23'
+  # It's recommended to generate a new secret_key_base for each installation using `bundle exec rake secret`
+  secret_key_base:    '65903fa751affcdd71a9eb09308bcb404c50c8df03414db849ea22fbe8d4aae9ff344f6594630eb9c8367b4fd8ed2211d0342a49df473dccc27ae0be120b25ab'
   account_host:       'localhost.lan:3000'
   # Here you can define other hosts different to account_host that also will be CORS enabled
   # cors_enabled_hosts:

config/initializers/secret_token.rb

@@ -5,3 +5,4 @@
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
 CartoDB::Application.config.secret_token = Cartodb.config[:secret_token]
+CartoDB::Application.config.secret_key_base = Cartodb.config[:secret_key_base]