Ruby on Rails, Paperclip, Heroku, GitHub and AWS - securing keys

I'm using RoR hosted by Heroku and I'd like to store files on s3 using paperclip. My source code is hosted on github and is world readable. What is the best practice to keep the keys a secret from the rest of the world?
Paperclip suggests that the access keys are stored in a configuration file (or in code), so for example I have:

file: config/s3.yml

access_key_id: my_access_key_id
secret_access_key: my_very_secret_key
bucket: bucket_name

Heroku works by committing code to local git and then pushing it to Heroku. Since I'm also using github, I push the same code to github as well. That means that I push the secret keys there too.
I'm currently using a world-readable github account, so if I paid github I could make half the problem go away, but still I'm not happy with secret keys lying in a configuration file in code. I don't know if there's a better practice for this though.

What is the best practice for keeping the keys secret and still using the above mentioned list of libraries and services?

BTW, I've only started with ror and heroku last week so I may be considered a newbie, please be considerate ;) Thanks!

Ran asked Feb 10 '11 11:02


2 Answers

You need to use the ENV variables from your heroku app.

If you run heroku config you can see all of your ENV variables. You just add some and use them directly in your application.

With this trick you don't need to update your code to change your configuration, and the configuration is not defined in your code base.

In your s3.yml you just need to do:

access_key_id: <%= ENV['S3_ACCESS_KEY'] %>
secret_access_key: <%= ENV['S3_SECRET_KEY'] %>
bucket: <%= ENV['S3_BUCKET_NAME'] %>

And add these ENV variables to your heroku app:

heroku config:add S3_ACCESS_KEY='your_key'
heroku config:add S3_SECRET_KEY='your_secret'
heroku config:add S3_BUCKET_NAME='your_bucket_name'
shingara answered Nov 03 '22 18:11


Not long ago Amazon released the official AWS SDK for Ruby. It works pretty well with S3, supports American, European and Japanese S3 instances out of the box and is well maintained.

I have created a storage module for Paperclip called paperclip-aws to work with the AWS SDK.

Feel free to use it. I hope that it will help.

Igor Alexandrov answered Nov 03 '22 18:11