[SSO] [API] [Workbench] Have config:check sanity check secrets
Short secrets pass the config:check rake task, but then the server refuses to run with them. Extend config:check to do all the same sanity checks on these settings as the underlying code.
#4 Updated by Brett Smith over 4 years ago
Not correct, but the error only happens when the server actually receives a request. Then you get:
ArgumentError (Secret should be something secure, like "ac6ae2f2d43b746ce6237029adeaeb47". The value you provided, "ng", is shorter than the minimum length of 30 characters): app/middlewares/arvados_api_token.rb:59:in `call'
That line just calls the app, so the real check is not in our code. That said, "minimum length of 30 characters" is easy to add to our own checks.