Getting started with Ruby on Rails Routing ActiveRecord Views ActiveRecord Migrations Rails Best Practices Naming Conventions ActionCable ActiveModel User Authentication in Rails ActiveRecord Associations ActiveRecord Validations ActiveRecord Query Interface ActionMailer Rails generate commands Configuration I18n - Internationalization Using GoogleMaps with Rails File Uploads Caching ActionController Configuration Safe Constantize Rails 5 Authorization with CanCan Mongoid Gems Change default timezone Asset Pipeline Upgrading Rails ActiveRecord Locking Debugging Configure Angular with Rails Rails logger Prawn PDF Rails API Deploying a Rails app on Heroku ActiveSupport Form Helpers ActiveRecord Transactions RSpec and Ruby on Rails Decorator pattern Elasticsearch React with Rails using react-rails gem Rails Cookbook - Advanced rails recipes/learnings and coding techniques Multipurpose ActiveRecord columns Class Organization Shallow Routing Model states: AASM Rails 5 API Authetication Testing Rails Applications Active Jobs Rails frameworks over the years Add Admin Panel Nested form in Ruby on Rails Factory Girl Import whole CSV files from specific folder Tools for Ruby on Rails code optimization and cleanup ActiveJob Active Model Serializers Rails Engine - Modular Rails Single Table Inheritance ActiveRecord Transactions Turbolinks Friendly ID Securely storing authentication keys Authenticate Api using Devise Integrating React.js with Rails Using Hyperloop Change a default Rails application enviornment Reserved Words Rails -Engines Adding an Amazon RDS to your rails application Payment feature in rails Rails on docker

Securely storing authentication keys

Storing authentication keys with Figaro

Add gem 'figaro' to your Gemfile and run bundle install. Then run bundle exec figaro install; this will create config/application.yml and add it to your .gitignore file, preventing it from being added to version control.

You can store your keys in application.yml in this format:

SECRET_NAME: secret_value

where SECRET_NAME and secret_value are the name and value of your API key.

You also need to name these secrets in config/secrets.yml. You can have different secrets in each environment. The file should look like this:

development:
  secret_name: <%= ENV["SECRET_NAME"] %>
test:
  secret_name: <%= ENV["SECRET_NAME"] %>
production:
  secret_name: <%= ENV["SECRET_NAME"] %>

How you use these keys varies, but say for example some_component in the development environment needs access to secret_name. In config/environments/development.rb, you'd put:

Rails.application.configure do
  config.some_component.configuration_hash = {
    :secret => Rails.application.secrets.secret_name
  }
end

Finally, let's say you want to spin up a production environment on Heroku. This command will upload the values in config/environments/production.rb to Heroku:

$ figaro heroku:set -e production

Contributors

Topic Id: 9711

Example Ids: 29947

This site is not affiliated with any of the contributors.