[LRUG] How do you manage secrets in Rails apps?

Tim Cowlishaw tim at timcowlishaw.co.uk
Wed Sep 24 01:39:04 PDT 2014


On 23 September 2014 19:16, Josh McMillan <josh at joshmcmillan.co.uk> wrote:

>
> I’m interested to see how dotenv-deployment
> <https://github.com/bkeepers/dotenv-deployment> could be used in
> production. Never used it in anger, and not sure what benefits it provides
> over writing to a system-wide file like /etc/environment.
>

(This is a slight tangent, so apologies in advance, but...) I'd also be
interested to know about this, and particularly about what the perceived
advantages of dotenv in this context are.

My understanding of the reasoning behind using env vars for config in the
12 factor thing was in order to entirely separate config from the codebase,
and rely on a standard, unix-y way of passing them in from the system (ie
environment variables).

It seems to me that adding a bunch of coupling in the form of a gem
dependency, 'Dotenv.load' call, and .env file is a rather convoluted way of
reinventing config/foo.yml files while adhering to the letter (and not the
spirit) of the 12-factor guidelines. It's clearly popular though, so I feel
like I'm missing something. Anyone care to tell me why I'm wrong?

Thanks,

Tim

On 23 September 2014 19:16, Josh McMillan <josh at joshmcmillan.co.uk> wrote:

> Generally speaking, I’ll use dotenv <https://github.com/bkeepers/dotenv> in
> development. You can easily export your Heroku environment config in that
> format if necessary (“heroku config --shell > .env”), which can
> occasionally be quite convenient (albeit obviously rather dangerous — you
> don’t want to accidentally be fiddling with your production database with a
> “rails c”).
>
> In production, that’s platform dependent. If Heroku, then obviously
> “heroku config”. If something else (lately I’ve been fiddling with AWS
> OpsWorks), I’ll typically write to /etc/environment on deploy.
>
> I’m interested to see how dotenv-deployment
> <https://github.com/bkeepers/dotenv-deployment> could be used in
> production. Never used it in anger, and not sure what benefits it provides
> over writing to a system-wide file like /etc/environment.
>
> --
> Josh McMillan
> @mcmillatronic
>
> On 23 September 2014 at 19:06:23, Phil Nash (philnash at gmail.com) wrote:
>
>    Hi LRUG,
>
> I've been thinking a lot recently about application secrets like API or
> database credentials and how they are stored in different environments for
> Rails apps. I was hoping that you lovely LRUG members could share how you
> deal with this yourself.
>
> Currently I only tend to deploy apps to Heroku, so I use environment
> variables throughout the app, loaded in development/test environments with
> the envyable <https://github.com/philnash/envyable> gem, though figaro
> <https://github.com/laserlemon/figaro> would do the same job.
>
> So, what I'm asking is, if you use environment variables for config in
> your applications how do you load them in both development and production
> environments?
>
> Thanks,
>
> Phil
>
> --
> Phil Nash
> @philnash
> _______________________________________________
> Chat mailing list
> Chat at lists.lrug.org
> Archives: http://lists.lrug.org/pipermail/chat-lrug.org
> Manage your subscription: http://lists.lrug.org/options.cgi/chat-lrug.org
> List info: http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>
>
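
The hazard raised in the quoted message (a `.env` written by `heroku config --shell` that points a local `rails c` at the production database) can be checked for mechanically. The following is an added example, not code from the thread or from dotenv; the `*_URL` naming convention, the list of local hosts, the sample values and all function names are assumptions of the example.

```ruby
require "uri"

# Hosts this example treats as a local development service (an assumption).
LOCAL_HOSTS = %w[localhost 127.0.0.1 ::1].freeze

# Constructed sample in the KEY=value shape a .env file uses.
SAMPLE = <<~DOTENV
  # exported from a production app (constructed values)
  DATABASE_URL=postgres://app:s3cret@db.example.com:5432/app_production
  REDIS_URL='redis://127.0.0.1:6379/0'
  export SECRET_KEY_BASE=0123abcd
DOTENV

# Parse KEY=value lines, skipping blanks and comments and unquoting values.
def parse_env(text)
  text.each_line.with_object({}) do |line, vars|
    line = line.strip
    next if line.empty? || line.start_with?("#")
    key, value = line.sub(/\Aexport\s+/, "").split("=", 2)
    next if value.nil?
    vars[key.strip] = value.strip.sub(/\A(['"])(.*)\1\z/, '\2')
  end
end

# True when a URL names a host outside LOCAL_HOSTS. A URL with no host
# (local socket) counts as local; an unparseable one fails closed.
def remote?(url)
  host = URI.parse(url).hostname.to_s
  !(host.empty? || LOCAL_HOSTS.include?(host))
rescue URI::InvalidURIError
  true
end

# Names of *_URL variables that point at a non-local host.
def remote_urls(vars)
  vars.select { |name, value| name.end_with?("_URL") && remote?(value) }.keys
end

if __FILE__ == $PROGRAM_NAME
  flagged = remote_urls(parse_env(SAMPLE))
  puts "non-local services in .env: #{flagged.join(', ')}" unless flagged.empty?
end
```

Run against the real `.env` before opening a development console, a non-empty result is the cue to stop and regenerate the file with local values.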