Step by Step explanation for using Rails secrets.yml without exposing keys to public repo when deploying to Heroku


Problem description


I am using Rails 4.1.1 and ruby 2.0.0

I've currently ignored my secrets.yml file to my gitignore for github.

secrets.yml

development:
  secret_key_base: numb3r57ndl3tt3r5

test:
  secret_key_base: differentnumbersandletters13531515

production:
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>

If this production key is dynamic, where does it read it from? Where do we provide that info? How does that info get to heroku without getting to github?

I already have a secret key environment variable in my heroku app's settings. I think it was created when I used the heroku_secrets gem https://github.com/alexpeattie/heroku_secrets to run the rake command rake heroku:secrets RAILS_ENV=production

Can someone explain the conceptual steps, as well as the practical steps on how to utilize secrets.yml properly without exposing secret keys to the public?

If you can also go over with adding another secret key for a different API for instance, that would be much appreciated as well.

I'd like to understand what is happening in the steps in the explanation, rather than something like "do this, do this, do this". Also, if there is code, please specify which file it should be put in, instead of just giving the code, and assuming the reader will know where it goes just based on the code alone (stern look at heroku guide writers)

Thanks! =]

Solution

If you use this key <%= ENV["SECRET_KEY_BASE"] %>

On your local machine you can set environment vars in your shell, like (bash or zsh)

export SECRET_KEY_BASE="yourkeybasehere"

And simulate that you run on production (but at your local machine) like

RAILS_ENV=production rails s

However, deploying on Heroku, you can use what they call config vars, by running heroku config:set command for your app.

heroku config:set SECRET_KEY_BASE=yourkeybasehere

Then the Rails app will populate this config var into secrets.yml

production:
  secret_key_base: yourkeybasehere

Hope this explains things you need to understand.

Though, if you would like to play and test. One option is trying to edit your app/views/layouts/application.html.erb file and put the config var you want to display, for instance USERNAME config var

<!DOCTYPE html>
<html>
<head>
  <title><%= ENV['USERNAME'] %></title>
</head>
<body>

<%= yield %>

</body>
</html>

Then deploy to heroku and run

heroku config:set USERNAME=gwho

You should see 'gwho' at the page title.

More details about Heroku config vars: https://devcenter.heroku.com/articles/config-vars

More details about Rails 4.1 secrets.yml: http://edgeguides.rubyonrails.org/4_1_release_notes.html#config/secrets.yml
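
Added example (not part of the original answer, and not Rails' own code): a standalone Ruby script that performs the two steps described above, rendering secrets.yml through ERB so that ENV is read at load time, then parsing the YAML and selecting the section for the current environment. The sample file is constructed from the question's; PAYMENT_API_KEY and the helper names are hypothetical, standing in for "another secret key for a different API".

```ruby
require "erb"
require "yaml"

# Constructed sample mirroring the question's config/secrets.yml.
# PAYMENT_API_KEY is a hypothetical second secret for another API.
SECRETS_TEMPLATE = <<~YAML
  development:
    secret_key_base: numb3r57ndl3tt3r5
  production:
    secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
    payment_api_key: <%= ENV["PAYMENT_API_KEY"] %>
YAML

# Step 1: ERB runs first, so <%= ENV[...] %> is replaced by whatever the
# process environment holds (a shell export locally, a config var on Heroku).
# Step 2: the rendered text is parsed as YAML and one section is returned.
def load_secrets(template, rails_env)
  rendered = ERB.new(template).result
  all = YAML.safe_load(rendered) || {}
  all.fetch(rails_env, {})
end

# An unset variable renders as an empty string, which YAML parses as nil.
# Returns the names of required secrets that ended up nil or blank.
def missing_secrets(secrets, required)
  required.select { |key| secrets[key].to_s.strip.empty? }
end

# Fail fast at boot instead of running production with a blank key.
def secrets_for!(template, rails_env, required)
  secrets = load_secrets(template, rails_env)
  missing = missing_secrets(secrets, required)
  unless missing.empty?
    raise KeyError, "missing secrets for #{rails_env}: #{missing.join(', ')}"
  end
  secrets
end

if __FILE__ == $PROGRAM_NAME
  prod = load_secrets(SECRETS_TEMPLATE, "production")
  absent = missing_secrets(prod, %w[secret_key_base payment_api_key])
  puts absent.empty? ? "all production secrets present" : "unset: #{absent.join(', ')}"
end
```

The file committed to the repository contains only the ERB placeholders; the values exist only in the environment of the process that renders it.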
