Setting SECRET_KEY_BASE properly

Do I have to set the exact same SECRET_KEY_BASE value when a) building a release, and also when b) starting that release in production? If running the app in a cluster (two nodes or more), do I have to set the same SECRET_KEY_BASE on all nodes of the cluster?

  1. SECRET_KEY_BASE should be set before you start a release in production. And you should read it from runtime.exs. (Phoenix has done that for you.)
  2. If you have multiple nodes, you should set the same SECRET_KEY_BASE on all nodes. Otherwise, your logged-in users will be logged out when requests are load balanced between nodes.
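
Why differing values log users out, as an added example (not part of the original posts, and not Phoenix's or Plug's own code): a simplified model of a signed session cookie in which each node derives its signing key from its own `SECRET_KEY_BASE`. The module name, salt, payload and cookie layout are assumptions made for illustration; Plug's real cookie format differs.

```elixir
# Added illustration, not Phoenix or Plug source.
# Uses only OTP's :crypto; :crypto.hash_equals/2 needs OTP 25 or later.
defmodule SessionCookieDemo do
  # Constructed value standing in for the endpoint's signing salt.
  @signing_salt "constructed-signing-salt"

  # Issue a cookie: the payload plus an HMAC tag keyed from secret_key_base.
  def sign(payload, secret_key_base) do
    tag = :crypto.mac(:hmac, :sha256, derive_key(secret_key_base), payload)
    encode(payload) <> "." <> encode(tag)
  end

  # Accept a cookie only if its tag matches the one this node would compute.
  def verify(cookie, secret_key_base) do
    with [p, t] <- String.split(cookie, "."),
         {:ok, payload} <- Base.url_decode64(p, padding: false),
         {:ok, tag} <- Base.url_decode64(t, padding: false),
         expected = :crypto.mac(:hmac, :sha256, derive_key(secret_key_base), payload),
         true <- byte_size(tag) == byte_size(expected),
         true <- :crypto.hash_equals(tag, expected) do
      {:ok, payload}
    else
      _ -> :error
    end
  end

  # The signing key is a function of the node's secret_key_base, so two
  # nodes with different secrets compute different keys and different tags.
  defp derive_key(secret_key_base) do
    :crypto.pbkdf2_hmac(:sha256, secret_key_base, @signing_salt, 1000, 32)
  end

  defp encode(bin), do: Base.url_encode64(bin, padding: false)
end

# Constructed secrets for two nodes that were configured independently.
node_a_secret = :crypto.strong_rand_bytes(48) |> Base.encode64()
node_b_secret = :crypto.strong_rand_bytes(48) |> Base.encode64()

# Node A issues the session cookie at login.
cookie = SessionCookieDemo.sign(~s({"user_id":42}), node_a_secret)

# The next request lands on node A again, then on node B.
IO.inspect(SessionCookieDemo.verify(cookie, node_a_secret), label: "node A")
IO.inspect(SessionCookieDemo.verify(cookie, node_b_secret), label: "node B")
```

Node B rejects a cookie that node A issued, which the application treats as no session at all, so the user appears logged out whenever the load balancer switches nodes.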