Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Where should I store sensitive files on Heroku?

There's probably an obvious answer to this question that I'm just not thinking of. I know that sensitive data such as secure credentials are best stored on a service like Heroku using environment variables via Heroku's CLI with heroku config:add. But what about sensitive files, such as certificates? Specifically I'm wondering what I should do with my certificate for Apple Push Notifications (APN).

I'm taking a stab at implementing this myself since the silence in response to this question leads me to believe there aren't a lot of great alternatives there (and Urban Airship looks too expensive). From taking a gander at APN on Rails, I see that they actually store certificates in the database. Does that make sense? Or would it make sense to actually store the content of the certificate in an environment variable (not sure if that's even possible)?

like image 984
Dan Tao Avatar asked Jul 07 '12 22:07

Dan Tao


2 Answers

You can set the whole certificate in an environment variable.

See this answer: Multi-line config variables in Heroku

like image 195
Karlotcha Hoa Avatar answered Nov 16 '22 00:11

Karlotcha Hoa


You might consider storing the cert in S3 which can be downloaded by each process at startup and stored in memory (or memcached/redis) for subsequent access.

If you're really feeling it you might consider creating your own buildpack which does the cert download at slug compile time and makes it available on the slug filesystem.

like image 35
Ryan Daigle Avatar answered Nov 15 '22 22:11

Ryan Daigle