Question
I use fog and carrierwave. Right now I just have a simple uploader that I run locally:
    CarrierWave.configure do |config|
      config.fog_credentials = {
        :provider => 'AWS',
        :aws_access_key_id => ENV['S3_ACCESS_KEY'],
        :aws_secret_access_key => ENV['S3_SECRET_KEY'],
        :region => 'us-west-1', # Change this for
      }
      config.fog_directory = "bucket-main"
    end
But now I have a question: where should I save my secret keys?
On the Heroku environment I could print like this:
    $ heroku config:set S3_ACCESS_KEY=THERANDOMKEYYOUGOT
    $ heroku config:set S3_SECRET_KEY=an0tHeRstRing0frAnDomjUnK
    $ heroku config:set S3_REGION=us-west-2
    $ heroku config:set S3_BUCKET=my-sample-app-bucket-20160126
But I don't know what to do on my local machine.
I've followed this tutorial: https://github.com/sifxtreme/rails-carrierwave-s3
and stored my keys in the config/secrets.yml file, which I just created:
    development: &defaults
      S3_ACCESS_KEY: "AKHJJHHJHJJHHJHJDHJDDJDHJDHJDJHDRANDOMFQ"
      S3_SECRET_KEY: "HfkdjgjkfjkgjkfjkRANDOM2JSJDKKJJKSSJDJKSKaN"
    test:
      <<: *defaults
    # Do not keep production secrets in the repository,
    # instead read values from the environment.
    production:
      <<: *defaults
But the rails s command gives me this error:

    /home/jonstark/.rvm/gems/ruby-2.3.0@railstutorial_rails_4_0/gems/fog-core-1.35.0/lib/fog/core/service.rb:244:in `validate_options': Missing required arguments: aws_access_key_id, aws_secret_access_key (ArgumentError)

So what do I do?
Answer 1:
With my secrets.yml, what I tend to do is:
    # secrets.yml
    local: &local
      secret_key_base: 123abc
    remote: &remote
      secret_key_base: abc123
      aws_secret_key: <%= ENV['AWS_SECRET_KEY'] %>
    development:
      <<: *local
    test:
      <<: *local
    production:
      <<: *remote
That above file should be a good enough proof of concept for what I tend to do. This way you can store your secrets in your environment variables and not have to commit them to source control. I never commit them to source control.
If a platform asks you to commit your secrets to source control, it's a platform with some terrible software architecture. Architecture should always consider security.
Since you're on your development environment, you shouldn't actually need to connect to AWS S3, unless you're developing on top of it. Ideally, to help speed up your development environment and to not clog up your servers, you can save the files into, say, your public folder and not on S3.
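
The pattern from the answer above, as an added example that is not code from the original posts: a secrets template with no literal keys is rendered through ERB, development and test resolve to local file storage, and production refuses to start with a blank key instead of handing nil to fog. The names `load_storage_secrets`, `MissingSecretError` and the `storage` key are hypothetical, and the `env` hash stands in for `ENV`.

```ruby
require 'erb'
require 'yaml'

# Constructed secrets.yml in the style of the answer: only ERB lookups,
# never literal credentials, so the file is safe to commit.
SECRETS_TEMPLATE = <<~'YAML'
  local: &local
    storage: file
  remote: &remote
    storage: fog
    s3_access_key: <%= env['S3_ACCESS_KEY'] %>
    s3_secret_key: <%= env['S3_SECRET_KEY'] %>
  development:
    <<: *local
  test:
    <<: *local
  production:
    <<: *remote
YAML

# Keys that must be non-blank before fog is configured (assumed names).
REQUIRED_FOR_FOG = %w[s3_access_key s3_secret_key].freeze

class MissingSecretError < StandardError; end

# Renders the template against `env` (a Hash standing in for ENV), selects the
# section for `rails_env`, and raises if fog storage would get blank keys.
def load_storage_secrets(rails_env, env)
  rendered = ERB.new(SECRETS_TEMPLATE).result_with_hash(env: env)
  section = YAML.safe_load(rendered, aliases: true).fetch(rails_env)
  return section unless section['storage'] == 'fog'

  # An unset variable renders as an empty scalar, which YAML loads as nil.
  missing = REQUIRED_FOR_FOG.select { |key| section[key].to_s.strip.empty? }
  unless missing.empty?
    raise MissingSecretError, "#{rails_env}: unset #{missing.join(', ')}"
  end
  section
end
```

The error message names only the missing keys, never their values, so it is safe to let it reach logs.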
Answer 2:
I solved this by adding gem 'figaro' to my Gemfile.
Source: https://stackoverflow.com/questions/35511712/set-secret-keys-for-amazon-aws3