Step by Step explanation for using Rails secrets.yml without exposing keys to public repo when deploying to Heroku

小鲜肉 2021-02-03 15:27

I am using Rails 4.1.1 and ruby 2.0.0

I've currently ignored my secrets.yml file in my gitignore for GitHub.

secrets.yml

develo         


        
2 Answers
  •  不知归路
    2021-02-03 16:05

    If you use this key <%= ENV["SECRET_KEY_BASE"] %>

    On your local machine you can set environment vars in your shell, like (bash or zsh)

    export SECRET_KEY_BASE="yourkeybasehere"
    

    And simulate that you run on production (but at your local machine) like

    RAILS_ENV=production rails s
    

    However, when deploying on Heroku, you can use what they call config vars, by running the heroku config:set command for your app.

    heroku config:set SECRET_KEY_BASE=yourkeybasehere
    

    Then the Rails app will populate this config var into secrets.yml

    production:
      secret_key_base: yourkeybasehere
    

    Hope this explains the things you need to understand.

    Though, if you would like to play and test, one option is to edit your app/views/layouts/application.html.erb file and put in the config var you want to display, for instance the USERNAME config var


    <!DOCTYPE html>
    <html>
    <head>
      <title><%= ENV['USERNAME'] %></title>
    </head>
    <body>
    <%= yield %>
    </body>
    </html>


    Then deploy to heroku and run

    heroku config:set USERNAME=gwho

    You should see 'gwho' in the page title.

    More details about Heroku config vars: https://devcenter.heroku.com/articles/config-vars

    More details about Rails 4.1 secrets.yml: http://edgeguides.rubyonrails.org/4_1_release_notes.html#config/secrets.yml
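
The following is an added example, not part of the answer above or of Rails itself: a Ruby check that a secrets.yml kept in the repository takes its production values only from ENV, and that the config var is actually set before the app starts. The sample file contents, `MARKER`, and both function names are constructed for illustration.

```ruby
require "erb"
require "yaml"

# Constructed sample standing in for config/secrets.yml (values are not real keys).
SAMPLE_SECRETS = <<~'YAML'
  development:
    secret_key_base: constructed_dev_only_value
  production:
    secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
YAML

MARKER = "__FROM_ENV__"

# Pre-commit style check: names of production entries written as literals
# in the file instead of being read from ENV. Nothing is evaluated here;
# ERB tags are only masked so the file parses as plain YAML.
def literal_production_secrets(raw)
  masked = raw.gsub(/<%=\s*ENV\[.*?\]\s*%>/, MARKER)
  prod = YAML.safe_load(masked)["production"] || {}
  prod.reject { |_name, value| value.to_s == MARKER }.keys
end

# Boot-time check: render the ERB, parse the YAML, and refuse to continue
# when a production value came out empty because its config var is unset.
def load_production_secrets(raw)
  prod = YAML.safe_load(ERB.new(raw).result)["production"] || {}
  missing = prod.select { |_name, value| value.to_s.strip.empty? }.keys
  raise KeyError, "unset config vars for: #{missing.join(', ')}" unless missing.empty?
  prod
end

if __FILE__ == $PROGRAM_NAME
  puts "literals in production: #{literal_production_secrets(SAMPLE_SECRETS).inspect}"
  begin
    # Print key names only, never the secret values themselves.
    puts "loaded: #{load_production_secrets(SAMPLE_SECRETS).keys.inspect}"
  rescue KeyError => e
    warn e.message
  end
end
```

The first check fits a pre-commit hook or CI step on the file as committed; the second fits an initializer, so a missing `heroku config:set` fails loudly instead of booting with an empty key.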
