Rails 4.1将秘密推送到heroku [英] Rails 4.1 pushing secrets to heroku

问题描述

Rails 4.1.0.beta1和Devise。

Rails 4.1.0.beta1 and Devise.

我正在尝试从版本控制中删除我的所有密钥，我已升级到Rails 4.1，这个新的secretts.yml一个镜头

I'm trying to remove all of my keys from version control and I've upgraded to Rails 4.1 to give this new secrets.yml a shot

试图将Devise的 config.secret_key 推送到heroku，但资产失败后：预编译

Trying to push Devise's config.secret_key to heroku but it's failing after assets:precompile

Preparing app for Rails asset pipeline
       Running: rake assets:precompile
       rake aborted!
       Devise.secret_key was not set. Please add the following to your Devise initializer:
       config.secret_key = 'EXAMPLE_KEY_HERE'
       Please ensure you restarted your application after installing Devise or setting the key.

这是我的更改，我将在评论中留下的旧代码。 （它的工作）

Here are my changes, the old code I'll leave in comments. (it works)

devise.rb

  # config.secret_key = 'THIS_IS_A_FAKE_KEY' #<---this_is_commented_out
  config.secret_key = Rails.application.secrets.devise_secret_key

secrets.yml

production:
  devise_secret_key: 'THIS_IS_A_FAKE_KEY'

然后运行 heroku labs：enable user-env-compile -a myapp （不知道是否需要）

then ran heroku labs:enable user-env-compile -a myapp (not sure if that's necessary)

然后当我推到我的叉子英雄羡慕 git推叉主人我得到以上错误。

and then when I push to my forked heroku envionment git push forked master I get the above error.

我也注意到一些讨论在这个Devise repo中，所以我想我会更新我的宝石旁边的源repo，没有区别。这是讨论的一部分（ here ）。

I also noticed some discussion on this in this Devise repo so I figured I'd update my gem alongside the source repo, no difference. Here's part of that discussion (here).

推荐答案

您可能已将secretts.yml添加到您的.gitignore。这是有道理的，因为你把秘密钥匙放在里面 - 但是由于Heroku部署使用git，它从来没有看到你的secretts.yml。

You've likely got secrets.yml added to your .gitignore. Which makes sense, since you put secret keys in it -- but since Heroku deployment uses git, it never sees your secrets.yml.

一个解决方案是使用heroku_secrets宝石 - 请参阅 http://stackoverflow.com/a/22458102/2831572 。

One solution is to use the heroku_secrets gem - See http://stackoverflow.com/a/22458102/2831572 .

另一个解决方案是在将所有敏感键替换为环境变量引用后，将git（即从.gitignore中删除）添加到其中。

所以：

Another solution is to add secrets.yml to git (i.e. remove it from .gitignore) after replacing all sensitive keys with references to environment variables.
So:

production:
  devise_secret_key: <%= ENV['DEVISE_KEY'] %>

然后运行 heroku config：set DEVISE_KEY ='7658699e0f765e8whatever'

这篇关于Rails 4.1将秘密推送到heroku的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！