Ruby on Rails, Paperclip, Heroku, GitHub and AWS - securing keys

Question

I\'m using RoR hosted by Heroku and I\'d like to store files on s3 using paperclip. My source code is hosted on github and is world readable. What is the best practice to keep t

Answer 1

Not long ago Amazon released official AWS SDK for Ruby. It works pretty well with S3, supports American, European and Japanese S3 instances from the box and well maintained.

I have created a storage module for Paperclip called paperclip-aws to works with AWS SDK.

Feel free to use it. I hope that it will help.

Answer 2

You need use the ENV variable from your heroku app.

If you do a heroku config you can have access to all of your ENV variable. You just add some and use it directly in your application.

With this trick you don't need update your code to change your configuration and the configuration if not define in your code base.

In your s3.yml you just need do :

access_key_id: <%= ENV['S3_ACCESS_KEY'] %>
secret_access_key: <%= ENV['S3_SECRET_KEY'] %>
bucket: <%= ENV['S3_BUCKET_NAME'] %>

And add this ENV VARIABLE in your heroku app

heroku config:add S3_ACCESS_KEY='your_key'
heroku config:add S3_SECRET_KEY='your_secret'
heroku config:add S3_BUCKET_NAME='your_nucket_name'

Answer 3

err.. there is no other way if you are using heroku. You've got to put everything in a repo and push it to them.

Reg github, if you are going to use public repos - "private" them if you need those keys to make your app work. You got to trust your team members even if you give access to that private github repo to a selected few people.

I am not aware of any other ideas.