如何上传带有密钥的json文件到Heroku [英] How to upload a json file with secret keys to Heroku
问题描述
我正在构建一款Rails应用,该应用使用Google API的Google Api客户端库从Google Analytics中提取数据。
我使用OAuth2,在本地机器上开发。我的问题是,该库使用下载的文件 client_secrets.json 来存储两个密钥。
问题:我正在使用Heroku,并需要一种方法将文件传送到他们的生产服务器。
我不想添加此文件我的github回购项目是公开的。
如果有办法暂时将文件添加到git中,请推送到Heroku,然后从git中删除就可以了。我的感觉是,键将在提交中,很难阻止在github上显示。
尝试过:
据我所知,不能通过Bash控制台将文件传给Heroku。我相信当你这样做时,你会得到一个新的Dyno,你添加的任何东西都只是暂时的。我尝试过,但无法让SCP正常工作,所以不能100%确定这一点。
试过:
I看着将JSON文件存储在环境或配置变量中,但无法使其工作。如果有人有想法,这似乎是最好的方法。当ruby将JSON转换为字符串或散列时,我经常遇到麻烦,所以可能我只需要在这里指导。
试过:
此外,我试图找出一种方法来从JSON文件中取出密钥,他们到配置变量,并将JSON文件添加到混帐。我找不到一种方法来将 ENV [KEY] 放入JSON文件中。
示例代码 Google库有一个方法,用于加载JSON文件以创建授权客户端。然后,客户端获取一个令牌(或给出授权url)。
client_secrets = Google :: APIClient :: ClientSecrets.load 'client_secrets.json')
auth_client = client_secrets.to_authorization
**注意这个例子在谷歌网页上没有显示文件名,因为它使用了一个默认的ENV Var被设置为路径
c $ c> ClientSecrets.load()方法只需要JSON,一个字符串或一个可以进入配置变量的哈希。不幸的是,它似乎总是想要一个文件路径。当我给它提供JSON,一个字符串或散列时,它就会爆炸。 我看到有人用p12解决了这个问题这里键,但我不知道如何在我的情况下复制。
还没试过: 这是我工作的特定控制器:
我唯一的其他人(除了搬到AWS之外)是把JSON文件放在AWS并在需要时将导轨拉出。我不确定这是否可以即时完成,或者在Rails服务器启动时需要将文件拉下来。似乎工作太多,但在这一点上,我花了几个小时准备尝试。
https://github.com/dladowitz/slapafy/blob/master/app/controllers/welcome_controller.rb
<通过搜索github,我发现有人使用了一种使用JSON字符串作为参数而不是文件路径的另一种方法: Google:
这让我把JSON ENV VAR。世界再次合理。
I'm building a rails app that pulls data from Google Analytics using the Google Api Client Library for Ruby.
I'm using OAuth2 and can get everything working in development on a local machine. My issue is that the library uses a downloaded file, client_secrets.json, to store two secret keys.
Problem:I'm using Heroku and need a way to get the file to their production servers.
I don't want to add this file to my github repo as the project is public.
If there is a way to temporarily add the file to git, push to Heroku, and remove from git that would be fine. My sense is that the keys will be in the commits and very hard to prevent from showing on github.
Tried: As far I can tell you cannot SCP a file to Heroku via a Bash console. I believe when doing this you get a new Dyno and anything you add would be only be temporary. I tried this but couldn't get SCP to work properly, so not 100% sure about this.
Tried: I looked at storing the JSON file in an Environment or Config Var, but couldn't get it to work. This seems like the best way to go if anyone has a thought. I often run into trouble when ruby converts JSON into a string or hash, so possibly I just need guidance here.
Tried:
Additionally I've tried to figure out a way to just pull out the keys from the JSON file, put them into Config Vars, and add the JSON file to git. I can't figure out a way to put ENV["KEY"] in a JSON file though.
Example Code The Google library has a method that loads the JSON file to create an authorization client. The client then fetches a token (or gives a authorization url).
client_secrets = Google::APIClient::ClientSecrets.load('client_secrets.json')
auth_client = client_secrets.to_authorization
** note that the example on google page doesn't show a filename because it uses a default ENV Var thats been set to a path
I figure this would all be a lot easier if the ClientSecrets.load() method would just take JSON, a string or a hash which could go into a Config Var.
Unfortunately it always seems to want a file path. When I feed it JSON, a string or hash, it blows up. I've seen someone get around the issue with a p12 key here, but I'm not sure how to replicate that in my situation.
Haven't Tried: My only other though (aside from moving to AWS) is to put the JSON file on AWS and have rails pull it when needed. I'm not sure if this can be done on the fly or if the file would need to be pulled down when the rails server boots up. Seems like too much work, but at this point I've spend a few hours on it so ready to attempt.
This is the specific controller I am working on: https://github.com/dladowitz/slapafy/blob/master/app/controllers/welcome_controller.rb
By search github I found that someone had used a different method that used a JSON string as an argument rather than a file path: Google::APIClient::ClientSecrets.new(JSON.parse(ENV['GOOGLE_CLIENT_SECRETS']))
This lets me wrap up the JSON into an ENV VAR. The world makes sense again.
这篇关于如何上传带有密钥的json文件到Heroku的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
