How to use secrets.yml for API_KEYS in Rails 4.1?
In one of my recent projects I started out by .gitignoring the files containing secrets and environment variables. So the entire project is committed to the repo ex
-
One way to do it is to store those secret keys in environment variables. How to set an environment variable is different depending on what operating system you're on. For a linux machine, usually you're editing a .bashrc or .bash_profile file in your home directory and adding a line that looks like:
export API_KEYS=apikeygoeshereYou'll have to edit the file for whatever user will run rails.
Then in
production.rb, you can refer to those environment variables as:ENV["API_KEYS"]Another option is to use a ruby gem that essentially takes care of that for you, like figaro. The way it works is that you create another file that you don't check in and figaro takes care of setting them up as environment variables, which you can then refer to in your development.rb/production.rb scripts using the
ENV["API_KEYS"]above. Because you aren't checking in the file that has all of the environment variables, you'll have to find some way to get that file onto whatever machines are running the code.讨论(0) -
I know this question is specific to Rails 4.1, but those who upgrade to Rails 5.1 it now includes built in secret generation. Which seems a much better way to handle sensitive data in your rails app.
See: http://edgeguides.rubyonrails.org/5_1_release_notes.html#encrypted-secrets
讨论(0) -
Rails.application.secrets.key_name讨论(0) -
First rule: DO NOT CHECK-IN
secrets.ymlinto the repo.All right, here's how a
secret.ymlwould look:development: secret_key_base: 6a1ada9d8e377c8fad5e530d6e0a1daa3d17e43ee... # Paste output of $ rake secret here for your dev machine. test: secret_key_base: _your_secret_ as above production: secret_key_base: <%= secure_token %> STRIPE_PUBLISHABLE_KEY: 'Put your stripe keys for production' STRIPE_SECRET_KEY: 'Put actual keys for production here' FB_APP_SECRET: 'same as above' FB_CALLBACK_URL: 'FB url here' FB_CALLBACK_UPDATE_URL: 'FB url here' GOOGLE_KEY: 'Put your keys for production' GOOGLE_SECRET: 'same as above' TWITTER_KEY: 'same as above' TWITTER_SECRET: 'same as above' TWITTER_USERNAME: 'same as above' LINKEDIN_KEY: 'same as above' LINKEDIN_SECRET: 'same as above'Note the
secure_tokenup there in theproduction:block. On production server I'm using an initializer to dynamically generate secret_tokens on-the-fly.sidenote: be careful about spaces and tabs inside the .yml file. It must be properly formatted and spaced (such as having a space after the ':' symbol).
To set it up on production you could then scp the file directly from your local or use the capistrano-secrets-yml gem.
This will not work. See an updated method as per @OddityOverseer's answer below.
To access the environment variables in your app
environments/production.rbuse:FB_APP_SECRET = ENV['FB_APP_SECRET'] FB_CALLBACK_URL = ENV['FB_CALLBACK_URL'] FB_CALLBACK_UPDATE_URL = ENV['FB_CALLBACK_UPDATE_URL'] GOOGLE_KEY = ENV['GOOGLE_KEY'] GOOGLE_SECRET = ENV['GOOGLE_SECRET'] TWITTER_KEY = ENV['TWITTER_KEY'] TWITTER_SECRET = ENV['TWITTER_SECRET'] TWITTER_USERNAME = ENV['TWITTER_USERNAME'] LINKEDIN_KEY = ENV['LINKEDIN_KEY'] LINKEDIN_SECRET = ENV['LINKEDIN_SECRET']
UPDATED August-2016:
To access the environment variables in your app
environments/production.rbuse:FB_APP_SECRET = Rails.application.secrets.FB_APP_SECRET FB_CALLBACK_URL = Rails.application.secrets.FB_CALLBACK_URL FB_CALLBACK_UPDATE_URL = Rails.application.secrets.FB_CALLBACK_UPDATE_URL GOOGLE_KEY = Rails.application.secrets.GOOGLE_KEY GOOGLE_SECRET = Rails.application.secrets.GOOGLE_SECRET TWITTER_KEY = Rails.application.secrets.TWITTER_KEY TWITTER_SECRET = Rails.application.secrets.TWITTER_SECRET TWITTER_USERNAME = Rails.application.secrets.TWITTER_USERNAME LINKEDIN_KEY = Rails.application.secrets.LINKEDIN_KEY LINKEDIN_SECRET = Rails.application.secrets.LINKEDIN_SECRETThat's about it.
讨论(0)
加载中...
- 热议问题