StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
text
Body
copied!<p>I've been looking into this recently as well; I wanted to keep sensitive information hidden throughout the process of pushing open source code to Github, then automatically pushed to <a href="https://travis-ci.org/" rel="nofollow noreferrer">Travis CI</a> for testing, then from Travis being automatically deployed to <a href="http://www.heroku.com/" rel="nofollow noreferrer">Heroku</a>. Here are all the details of what I've found so far looking at various StackOverflow Q&As, blogs etc, which will hopefully serve as a reference for you, even if only for config inside the Rails app (omit any <code>{{ ... }}</code> you see)</p> <p><em>Disclaimer: I'm by no means an expert here, so please keep in mind there are likely better ways to do this than what I'm trying. I'd love to be able to learn some new tricks in this Q&A thread.</em></p> <hr> <h2>Inside the Rails App</h2> <p>I currently use the <a href="https://github.com/laserlemon/figaro" rel="nofollow noreferrer">Figaro gem</a> to hide sensitive information in <code>ENV</code> environment variables. In my (<code>.gitignore</code>d) <strong>config/application.yml</strong>, I keep the following information:</p> <pre><code># App keys SECRET_TOKEN: # your rake secret generated token development: DB_NAME: # your dev db name here DB_USER: # your dev db username here DB_PASSWORD: # your dev db password here test: DB_NAME: # your test db name here DB_USER: # your test db username here DB_PASSWORD: # your test db password here production: DB_NAME: # your prod db name here DB_USER: # your prod db username here DB_PASSWORD: # your prod db password here # Third Party keys that you will reference in their relevant files THIRD_PARTY_API_OR_LICENSE_KEY: # list of whatever api/license keys you use </code></pre> <p>(<code>DB_NAME</code>, <code>DB_USER</code>, and <code>DB_PASSWORD</code> will be used dynamically depending on what environment your app is running in). </p> <p>An empty version of the above file (<strong>config/application.example.yml</strong>) gets pushed to Github with some instructions on how to fill it in.</p> <p>The files that are pushed to Github and reference these variables look like this:</p> <p><strong>config/database.yml</strong><br> (Postgresql is used here, but you should be able to change the settings for whatever database you use)</p> <pre><code>postgresql: &postgresql adapter: postgresql database: <%= ENV['DB_NAME'] %> username: <%= ENV['DB_USER'] %> password: <%= ENV['DB_PASSWORD'] %> min_messages: ERROR defaults: &defaults pool: 5 timeout: 5000 host: localhost <<: *<%= ENV['DB'] || "postgresql" %> development: <<: *defaults test: <<: *defaults production: <<: *defaults </code></pre> <p><strong>config/initializers/secret_token.rb</strong></p> <pre><code>if Rails.env.production? && ENV['SECRET_TOKEN'].blank? raise 'SECRET_TOKEN environment variable must be set!' end YourApp::Application.config.secret_token = ENV['SECRET_TOKEN'] || {{WHATEVER_SECRET_TOKEN_RAILS_GENERATED_BY_DEFAULT}} </code></pre> <p>(Plus, whatever files would be referencing <code>THIRD_PARTY_API_OR_LICENSE_KEY</code>-type keys.)</p> <h2>Testing on Travis CI</h2> <p>Create encrypted travis variables using the <a href="https://github.com/travis-ci/travis" rel="nofollow noreferrer">Travis gem</a>. The Heroku API key and Heroku Git URL are needed if you deploy direct to Heroku from a Travis worker (see <a href="https://stackoverflow.com/q/10235026/567863">this StackOverflow Q&A</a> for details), otherwise you can omit them if you just use it for testing:</p> <pre><code>$ gem install travis $ travis encrypt your_username/your_repo HEROKU_API_KEY={{YOUR_HEROKU_API_KEY}} $ travis encrypt HEROKU_GIT_URL={{YOUR_HEROKU_GIT_URL}} # eg git@heroku.com:your_app.git $ travis encrypt DB_NAME={{YOUR_DB_NAME_UNDER_TEST}} # eg your_app_test $ travis encrypt DB_USER={{YOUR_DB_USER_UNDER_TEST}} $ travis encrypt DB_PASSWORD={{YOUR_DB_PASSWORD_UNDER_TEST}} </code></pre> <p>(Plus, encrypt any other keys you may need during testing, if any...)</p> <p>Then add them to <strong>.travis.yml</strong><br> (once again Postgresql-focused, but you should be able to change the settings for whatever database you use)</p> <pre><code>env: global: - secure: {{YOUR_ENCRYPTED_HEROKU_API_KEY}} - secure: {{YOUR_ENCRYPTED_HEROKU_GIT_URL}} - secure: {{YOUR_ENCRYPTED_DB_NAME}} - secure: {{YOUR_ENCRYPTED_DB_USER}} - secure: {{YOUR_ENCRYPTED_DB_PASSWORD}} matrix: - DB: postgresql before_script: - psql -c "create database $DB_NAME;" -U $DB_USER - RAILS_ENV=test bundle exec rake db:migrate script: - bundle exec rspec spec/ after_success: - gem install heroku - git remote add heroku $HEROKU_GIT_URL # ... see link above for the rest of the config content </code></pre> <p>Multiple variables marked with the same name of <code>secure</code> are fine; they'll show up in the config as <code>HEROKU_API_KEY=[secure] HEROKU_GIT_URL=[secure]</code> etc.</p> <h2>Deployment to Heroku</h2> <p>Use the Figaro's Heroku rake task to automatically set the environment variables that Heroku needs to see in production:</p> <pre><code>$ rake figaro:heroku </code></pre> <p>Or, set them manually:</p> <pre><code>$ heroku config:set SECRET_TOKEN={{YOUR_SECRET_TOKEN}} $ heroku config:set DB_NAME={{YOUR_DB_NAME_UNDER_PRODUCTION}} # eg your_app_production $ heroku config:set DB_USER={{YOUR_DB_USER_UNDER_PRODUCTION}} $ heroku config:set DB_PASSWORD={{YOUR_DB_PASSWORD_UNDER_PRODUCTION}} $ heroku config:set THIRD_PARTY_API_OR_LICENSE_KEY={{YOUR_THIRD_PARTY_API_OR_LICENSE_KEY}} </code></pre> <p>Then, attempt a deployment.</p> <hr> <p>That's all I have for now. Not sure at the moment if I should be hiding more info or if I'm not hiding it well enough, but it's a work in progress.</p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload