[LRUG] How do you manage secrets in Rails apps?

Seung-Hyo Choi seunghyochoi at gmail.com
Tue Sep 23 11:13:42 PDT 2014


I'm not sure what the process would be for Heroku, but common practice is
to use chef and knife to create encrypted databags. The sensitive
information is then interpolated into files that are generated by chef
during deploy (e.g. config yml files, etc.).

This process is only done for production. For dev, you should ideally have
keys different than production ones so even if they get stolen, your
production data is fine.

This is a decent write up:
http://engineering.ooyala.com/blog/keeping-secrets-chef

On Tue, Sep 23, 2014 at 11:06 AM, Phil Nash <philnash at gmail.com> wrote:

> Hi LRUG,
>
> I've been thinking a lot recently about application secrets like API or
> database credentials and how they are stored in different environments for
> Rails apps. I was hoping that you lovely LRUG member could share how you
> deal with this yourself.
>
> Currently I only tend to deploy apps to Heroku, so I use environment
> variables throughout the app, loaded in development/test environments with
> the envyable <https://github.com/philnash/envyable> gem, though figaro
> <https://github.com/laserlemon/figaro> would do the same job.
>
> So, what I'm asking is, if you use environment variables for config in
> your applications how do you load them in both development and production
> environments?
>
> Thanks,
>
> Phil
>
> --
> Phil Nash
> @philnash
>
> _______________________________________________
> Chat mailing list
> Chat at lists.lrug.org
> Archives: http://lists.lrug.org/pipermail/chat-lrug.org
> Manage your subscription: http://lists.lrug.org/options.cgi/chat-lrug.org
> List info: http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20140923/1ec5d2fc/attachment.html>


More information about the Chat mailing list