I notice in various live tutorials that they include a step to configure the
config.exs. and replace the existing 8 character one.
Is this necessary to make things work (doesn’t seem to be) or simply good practice 'cos an 8 char secret is a bit of a crappy secret?
It’s not a secret, it’s a salt. Most keys in a Phoenix application are derived from the secret_key_base, and each use-case should have a separate salt to ensure they derive unique keys (reusing a key for different use-cases may weaken the security). So as long as you keep you secret_key_base secret and random, the salt values just need to be unique within your application.
It’s not a secret, it’s a salt.
The underlying point is that it is good practice for each use-case to have a separate salt, not that you must provide it or the live view will not work. So for a throw-away example this step is not strictly necessary.
Is that right?
Still tooooo shooort. That’s the first thing I change in any project I start