How to handle secrets.yml in Rails 4.1

Question

I am using Rails 4.1's secrets.yml to store my keys etc, but I am wondering, if this file should be gitignore, so I don't store any sensitive data in my repo?

If I gitignore it, how do I access secrets on my server? (Which is Engineyard, in this case)

score 1 · Answer 1 · edited May 23 '17 at 12:05

1

You should use envirement-variablesand set them on the production-system.

key: <%= ENV['PRODUCTION_KEY'] %>

I don´t know Engineyard, but on heroku there are some simple commands to set the envirement-variables

heroku config:add PRODUCTION_KEY=123

@Update, here is a post on stackoverflow on how you set them on engineyard

edited May 23 '17 at 12:05

Community

1
1

answered Aug 15 '14 at 11:33

Stephan

161
1
9

This should be accepted as the correct answer because using ENV variables is the standard practice among most professionals (opinion I know, but one shared among many leading developers). – Dan L Nov 05 '14 at 15:25

How to handle secrets.yml in Rails 4.1

1 Answers1