Rails 4.1 pushing secrets to heroku

Question

Rails 4.1.0.beta1 and Devise.

I\'m trying to remove all of my keys from version control and I\'ve upgraded to Rails 4.1 to give this new secrets.yml a shot

T

Answer 1

You've likely got secrets.yml added to your .gitignore. Which makes sense, since you put secret keys in it -- but since Heroku deployment uses git, it never sees your secrets.yml.

One solution is to use the heroku_secrets gem - See https://stackoverflow.com/a/22458102/2831572 .

Another solution is to add secrets.yml to git (i.e. remove it from .gitignore) after replacing all sensitive keys with references to environment variables.
So:

production:
  devise_secret_key: <%= ENV['DEVISE_KEY'] %>

then run heroku config:set DEVISE_KEY='7658699e0f765e8whatever'