How to upload a json file with secret keys to Heroku

Question

I\'m building a rails app that pulls data from Google Analytics using the Google Api Client Library for Ruby.

I\'m using OAuth2 and can get everything working in dev

Answer 1

I ran into this same problem using Google API. I ended up using openssl to assign a new very secret passphrase to the p12 file, storing that new file in the repo, and then putting the passphrase into app secrets and on Heroku env variables.

This way, the file is in the repo but it can't be accessed/read without the passphrase.

This post was helpful in changing the default google p12 passphrase from 'notasecret' to something secure.

def authorize!
  @client.authorization = Signet::OAuth2::Client.new(
    #...
    :signing_key => key
  )
end

def key
  Google::APIClient::KeyUtils.load_from_pkcs12(key_path, ENV.fetch('P12_PASSPHRASE'))
end

def key_path
  "#{Rails.root}/config/google_key.p12"
end