New update about has_secure_password in Rails 5.2

has_secure_password takes an attribute

For many years has_secure_password only supported the default password attribute. Now you can pass it whatever attribute name you want.

Source code

  • Allows configurable attribute name for #has_secure_password. This
    still defaults to an attribute named ‘password’, causing no breaking
    change. Also includes a convenience method #regenerate_XXX where
    +XXX+ is the name of the custom attribute name, eg:

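class User < ActiveRecord::Base
  has_secure_password :activation_token, validations: false
end

user = User.new
# Generates a fresh random token; only its digest is meant to be stored
user.regenerate_activation_token
user.activation_token # => "ME7abXFGvzZWJRVrD6Et0YqAS6Pg2eDo"
user.activation_token_digest # => "$2a$10$0Budk0Fi/k2CDm2PEwa3Be…"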

The existing #authenticate method now allows specifying the attribute
to be authenticated, but defaults to ‘password’, eg:

user.authenticate('ME7abXFGvzZWJRVrD6Et0YqAS6Pg2eDo', :activation_token) # => user
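
To show what the configurable attribute does with the secret, here is an added example that is not from the Rails source or from this post: a plain-Ruby stand-in for the macro that keeps the plaintext in memory only, exposes an `XXX_digest` to persist, and checks candidates against the named attribute. The module name `SecureAttribute` and the digest format are assumptions, and stdlib PBKDF2 is swapped in for bcrypt so the file runs without gems.

```ruby
require "openssl"
require "securerandom"

# Hypothetical stand-in for the has_secure_password macro (not Rails' code).
# Stdlib PBKDF2 replaces bcrypt here; Rails itself stores a bcrypt digest.
module SecureAttribute
  ITERATIONS = 10_000 # constructed value for this demo

  def self.digest(secret, salt = SecureRandom.hex(16))
    raw = OpenSSL::KDF.pbkdf2_hmac(secret, salt: salt, iterations: ITERATIONS,
                                   length: 32, hash: "sha256")
    "#{salt}$#{raw.unpack1('H*')}"
  end

  # Constant-time comparison, so timing does not reveal where digests differ.
  def self.same?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  def has_secure_password(attribute = :password)
    attr_reader attribute               # plaintext: in memory only
    attr_accessor "#{attribute}_digest" # the only value a model should persist

    define_method("#{attribute}=") do |plain|
      instance_variable_set("@#{attribute}", plain)
      send("#{attribute}_digest=", plain && SecureAttribute.digest(plain))
    end

    define_method("regenerate_#{attribute}") do
      SecureRandom.alphanumeric(32).tap { |token| send("#{attribute}=", token) }
    end

    # The attribute name is chosen by calling code, never by request input.
    define_method(:authenticate) do |candidate, attr = :password|
      stored = public_send("#{attr}_digest")
      return false if stored.nil? || candidate.nil?
      salt = stored.split("$").first
      SecureAttribute.same?(SecureAttribute.digest(candidate, salt), stored) && self
    end
  end
end

class User
  extend SecureAttribute
  has_secure_password
  has_secure_password :activation_token
end
```

A token that verifies against `:activation_token` does not verify against the default `password` attribute, because each attribute has its own digest.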