devise with omniauth - setting a seperate config for dev and production

Question

I'm using omniauth, with devise, to allow sign on through Facebook in my app.

My devise.rb file has the following line

config.omniauth :facebook, 'MY_DEV_APP_ID', 'MY_DEV_APP_SECRET' 

I have 2 apps on facebook, one pointing to my live url & the other to my dev url.

How do I add two separate omniauth configs to the devise rb file?

something like -

if ENV['RAILS_ENV'] = "production"
    config.omniauth :facebook, 'MY_LIVE_APP_ID', 'MY_LIVE_APP_SECRET'  
else
    config.omniauth :facebook, 'MY_DEV_APP_ID', 'MY_DEV_APP_SECRET' 
end

More importantly, should I be putting this in the devise.tb file or should it be seperated into my production.rb & devleopment.rb files? If so, how do I reference it in my devise.rb file?

Answer 1

My method for this is to store them in a yaml file. I call mine config/api_keys.yml

defaults: &defaults
  twitter:
    api_key: "KEY"
    api_secret: "SECRET"
  facebook:
    api_key: "KEY"
    api_secret: "SECRET"

development:
  <<: *defaults

test:
  <<: *defaults

production:
  twitter:
    api_key: "KEY2"
    api_secret: "SECRET2"
  facebook:
    api_key: "KEY2"
    api_secret: "SECRET2"

Then in my devise.rb file I do:

API_KEYS = YAML::load_file("#{Rails.root}/config/api_keys.yml")[Rails.env]
config.omniauth :facebook , API_KEYS['facebook']['api_key'], API_KEYS['facebook']['api_secret']
config.omniauth :twitter , API_KEYS['twitter']['api_key'], API_KEYS['twitter']['api_secret']

As a good practice, you probably shouldn't store your production API keys in this file in version control. You should store it on the server and symlink it over in your deploy script, like you would database.yml