Menu
What is the best practice for storing/retrieving API keys in rails3?
Should I create my own application yaml and access it through there? If so, how?
Sorry for the noob question...
956
Instead of embedding your API keys in your applications, store them in environment variables or in files outside of your application's source tree. Do not store API keys in files inside your application's source tree.
API keys aren't as secure as authentication tokens (see Security of API keys), but they identify the application or project that's calling an API. They are generated on the project making the call, and you can restrict their use to an environment such as an IP address range, or an Android or iOS app.
You can pass in the API Key to our APIs either by using the HTTP Basic authentication header or by sending an api_key parameter via the query string or request body. If you use our client library CARTO. js, you only need to follow the authorization section and we will handle API Keys automatically for you.
I use the settingslogic plugin for things like this. Very easy to use.
Add settingslogic to your Gemfile and bundle install:
gem 'settingslogic'
Create a directory for your settings and place the settingslogic yaml in there:
/my_app/config/settings/my_settings.yml
You can include default settings and per environment settings. The file looks like this:
defaults: &defaults
api_key: abc123
development:
<<: *defaults
test:
<<: *defaults
production:
<<: *defaults
Add this file: app/models/my_settings.rb, start up your app and you are good to go
class MySettings < Settingslogic
source "#{Rails.root}/config/settings/my_settings.yml"
namespace Rails.env
end
Now you can use call these settings from anywhere in the app like so:
MySettings.api_key
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
