Ruby on Rails, Paperclip, Heroku, GitHub and AWS - securing keys

Question

I\'m using RoR hosted by Heroku and I\'d like to store files on s3 using paperclip. My source code is hosted on github and is world readable. What is the best practice to keep t

Answer 1

You need use the ENV variable from your heroku app.

If you do a heroku config you can have access to all of your ENV variable. You just add some and use it directly in your application.

With this trick you don't need update your code to change your configuration and the configuration if not define in your code base.

In your s3.yml you just need do :

access_key_id: <%= ENV['S3_ACCESS_KEY'] %>
secret_access_key: <%= ENV['S3_SECRET_KEY'] %>
bucket: <%= ENV['S3_BUCKET_NAME'] %>

And add this ENV VARIABLE in your heroku app

heroku config:add S3_ACCESS_KEY='your_key'
heroku config:add S3_SECRET_KEY='your_secret'
heroku config:add S3_BUCKET_NAME='your_nucket_name'