From 8d4ae81ab4dfd89667728cb1e66062ae0c79248a Mon Sep 17 00:00:00 2001
From: Matt Jankowski <matt@jankowski.online>
Date: Thu, 22 May 2025 05:33:21 -0400
Subject: [PATCH] Remove `OTP_SECRET` env configuration (#34748)

---
 app/models/user.rb                 | 1 -
 config/environments/development.rb | 3 ---
 2 files changed, 4 deletions(-)

diff --git a/app/models/user.rb b/app/models/user.rb
index 5add0fe4f0..8a9e27504d 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -73,7 +73,6 @@ class User < ApplicationRecord
   ACTIVE_DURATION = ENV.fetch('USER_ACTIVE_DAYS', 7).to_i.days.freeze
 
   devise :two_factor_authenticatable,
-         otp_secret_encryption_key: Rails.configuration.x.otp_secret,
          otp_secret_length: 32
 
   devise :two_factor_backupable,
diff --git a/config/environments/development.rb b/config/environments/development.rb
index e640f2604a..4f43259d7d 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -84,9 +84,6 @@ Rails.application.configure do
   # Otherwise, use letter_opener, which launches a browser window to view sent mail.
   config.action_mailer.delivery_method = ENV['HEROKU'] || ENV['VAGRANT'] || ENV['REMOTE_DEV'] ? :letter_opener_web : :letter_opener
 
-  # TODO: Remove once devise-two-factor data migration complete
-  config.x.otp_secret = ENV.fetch('OTP_SECRET', '1fc2b87989afa6351912abeebe31ffc5c476ead9bf8b3d74cbc4a302c7b69a45b40b1bbef3506ddad73e942e15ed5ca4b402bf9a66423626051104f4b5f05109')
-
   # Raise error when a before_action's only/except options reference missing actions.
   config.action_controller.raise_on_missing_callback_actions = true