Rails use secret_key_base to derive keys that are used to generate and verify encrypted cookies, signed cookie and also signed message. So it is important to keep your secret_key_base value secure. If your secret_key_base is somehow exposed, I urge you to change it immediately