[LRUG] How do you manage secrets in Rails apps?

Riccardo Tacconi rtacconi at gmail.com
Tue Sep 23 16:01:36 PDT 2014


Yes, usually you have your info in an encrypted data bag, or you store the
data bag directly in Chef, then during the Chef run data is rendered in a
template. From that template, say /etc/environment, you can have your ENV
variables set up and ready to be used.

secrets.yml does not seem to be a big new feature. You can add your YAML
file and load it at boot (Rails boot) time. What is important is not to
store sensitive data in a Git repository, unless it is encrypted.

On 23 September 2014 23:34, Phil Nash <philnash at gmail.com> wrote:

> Thanks for the answers so far everyone.
>
> I'm interested in the methods you use to manage either secrets.yml,
> figaro's application.yml or dotenv's .env.production on production servers
> too. Do you do so using chef, as Seung-Hyo suggested (great link to that
> write up there, thanks) or some other way?
>
> Thanks again, this is really interesting!
>
> Phil
>
> On Tue, Sep 23, 2014 at 7:18 PM, Siddharth Sharma <svs at svs.io> wrote:
>
>> Rails 4.1 has secrets.yml
>> http://edgeguides.rubyonrails.org/4_1_release_notes.html
>>
>> For lower versions of Rails, I've been using figaro for years with no
>> problems. I like to never have my production environment variables anywhere
>> near my development environment, so I actually prefer not having an easy
>> way to set heroku configs, etc.
>>
>> On Tue, Sep 23, 2014 at 11:43 PM, James McCarthy <james at lety.co> wrote:
>>
>>> Dotenv.
>>>
>>>
>>> James McCarthy
>>>
>>> Software Engineer
>>>
>>> LetyCo - Analyse, Build, Deliver
>>> Ruby/Rails software for London and the SouthEast.
>>>
>>> Mob:  07577006897
>>>
>>> Email:  james at lety.co
>>>
>>> lety.co
>>>
>>>
>>>
>>> -------- Original message --------
>>> From: Phil Nash
>>> Date:23/09/2014 19:06 (GMT+00:00)
>>> To: London Ruby Users Group
>>> Subject: [LRUG] How do you manage secrets in Rails apps?
>>>
>>> Hi LRUG,
>>>
>>> I've been thinking a lot recently about application secrets like API or
>>> database credentials and how they are stored in different environments for
>>> Rails apps. I was hoping that you lovely LRUG members could share how you
>>> deal with this yourself.
>>>
>>> Currently I only tend to deploy apps to Heroku, so I use environment
>>> variables throughout the app, loaded in development/test environments with
>>> the envyable <https://github.com/philnash/envyable> gem, though figaro
>>> <https://github.com/laserlemon/figaro> would do the same job.
>>>
>>> So, what I'm asking is, if you use environment variables for config in
>>> your applications how do you load them in both development and production
>>> environments?
>>>
>>> Thanks,
>>>
>>> Phil
>>>
>>> --
>>> Phil Nash
>>> @philnash
>>>
>>> _______________________________________________
>>> Chat mailing list
>>> Chat at lists.lrug.org
>>> Archives: http://lists.lrug.org/pipermail/chat-lrug.org
>>> Manage your subscription:
>>> http://lists.lrug.org/options.cgi/chat-lrug.org
>>> List info: http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>>>
>>>
>>
>


-- 
Riccardo Tacconi

http://github.com/rtacconi
http://twitter.com/rtacconi
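
The flow described in the message above, as an added example that is not code from the thread or from any of the posters: an /etc/environment-style file, as a Chef template might render it, is parsed into the process environment, and a secrets.yml-style template is loaded at boot with a check that refuses to start on unset values. The function names, the `PAYMENTS_API_KEY` variable and all sample values are constructed for illustration.

```ruby
require "erb"
require "yaml"

class MissingSecret < StandardError; end

# Parse /etc/environment-style text: KEY=value lines, optional quotes, # comments.
def parse_environment_file(text)
  text.each_line.with_object({}) do |line, env|
    line = line.strip
    next if line.empty? || line.start_with?("#")
    key, value = line.split("=", 2)
    next if value.nil?
    env[key.strip] = value.strip.sub(/\A(["'])(.*)\1\z/, '\2')
  end
end

# Render a secrets.yml-style ERB template against the process ENV and return
# the section for rails_env. An unset variable renders as an empty string,
# which YAML reads as nil, so check the required keys before the app starts.
def load_secrets(template, rails_env, required)
  config = YAML.safe_load(ERB.new(template).result) || {}
  section = config[rails_env]
  raise MissingSecret, "no '#{rails_env}' section" unless section.is_a?(Hash)
  missing = required.select { |key| section[key].to_s.strip.empty? }
  raise MissingSecret, "unset for #{rails_env}: #{missing.join(', ')}" unless missing.empty?
  section
end

# Constructed sample of what the Chef template might render (values are fake).
SAMPLE_ENVIRONMENT = <<~ENVFILE
  # rendered by Chef from an encrypted data bag
  SECRET_KEY_BASE="constructed-not-a-real-key"
  PAYMENTS_API_KEY=constructed-api-key
ENVFILE

# Constructed template in the Rails 4.1 secrets.yml style: it names the
# variables and holds no values, so it can live in the repository.
SAMPLE_SECRETS_YML = <<~YAML_TEMPLATE
  production:
    secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
    payments_api_key: <%= ENV["PAYMENTS_API_KEY"] %>
YAML_TEMPLATE

if __FILE__ == $PROGRAM_NAME
  ENV.update(parse_environment_file(SAMPLE_ENVIRONMENT))
  secrets = load_secrets(SAMPLE_SECRETS_YML, "production", %w[secret_key_base payments_api_key])
  puts "loaded keys: #{secrets.keys.join(', ')}" # names only, never the values
end
```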