Rails 4.1 向 heroku 推送秘密 [英] Rails 4.1 pushing secrets to heroku

问题描述

Rails 4.1.0.beta1 和 Devise.

Rails 4.1.0.beta1 and Devise.

我正在尝试从版本控制中删除我的所有密钥，并且我已升级到 Rails 4.1 以试用这个新的 secrets.yml

I'm trying to remove all of my keys from version control and I've upgraded to Rails 4.1 to give this new secrets.yml a shot

尝试将 Devise 的 config.secret_key 推送到 heroku，但在 assets:precompile 后失败了

Trying to push Devise's config.secret_key to heroku but it's failing after assets:precompile

Preparing app for Rails asset pipeline
       Running: rake assets:precompile
       rake aborted!
       Devise.secret_key was not set. Please add the following to your Devise initializer:
       config.secret_key = 'EXAMPLE_KEY_HERE'
       Please ensure you restarted your application after installing Devise or setting the key.

这是我的更改，我将在评论中留下旧代码.(有效)

Here are my changes, the old code I'll leave in comments. (it works)

devise.rb

  # config.secret_key = 'THIS_IS_A_FAKE_KEY' #<---this_is_commented_out
  config.secret_key = Rails.application.secrets.devise_secret_key

secrets.yml

production:
  devise_secret_key: 'THIS_IS_A_FAKE_KEY'

然后运行 ​​heroku labs:enable user-env-compile -a myapp(不确定是否有必要)

then ran heroku labs:enable user-env-compile -a myapp (not sure if that's necessary)

然后当我推送到我的分叉 Heroku 环境 git push forked master 时，我收到了上述错误.

and then when I push to my forked heroku envionment git push forked master I get the above error.

我还注意到在这个 Devise 存储库中对此进行了一些讨论，所以我想我会在源存储库旁边更新我的 gem，没有区别.这是讨论的一部分(此处).

I also noticed some discussion on this in this Devise repo so I figured I'd update my gem alongside the source repo, no difference. Here's part of that discussion (here).

推荐答案

您可能已经将 secrets.yml 添加到您的 .gitignore 中.这是有道理的，因为您将密钥放入其中 -- 但由于 Heroku 部署使用 git，因此它永远不会看到您的 secrets.yml.

You've likely got secrets.yml added to your .gitignore. Which makes sense, since you put secret keys in it -- but since Heroku deployment uses git, it never sees your secrets.yml.

一种解决方案是使用 heroku_secrets gem - 参见 https://stackoverflow.com/a/22458102/2831572.

One solution is to use the heroku_secrets gem - See https://stackoverflow.com/a/22458102/2831572 .

另一种解决方案是在使用环境变量引用替换所有敏感键后，将 secrets.yml 添加到 git(即从 .gitignore 中删除它).
所以:

Another solution is to add secrets.yml to git (i.e. remove it from .gitignore) after replacing all sensitive keys with references to environment variables.
So:

production:
  devise_secret_key: <%= ENV['DEVISE_KEY'] %>

然后运行 ​​heroku config:set DEVISE_KEY='7658699e0f765e8whatever'

这篇关于Rails 4.1 向 heroku 推送秘密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！