amazon s3 - Ruby on Rails, Paperclip, Heroku, GitHub and AWS - securing keys -

-

i'm using ror hosted heroku , i'd store files on s3 using paperclip. source code hosted on github , world readable. best practice keep keys secret rest of world?
paperclip suggests access keys stored in configuration file (or in code), example have:

file: config/s3.yml 

access_key_id: my_access_key_id secret_access_key: my_very_secret_key bucket: bucket_name

heroku works committing code local git , pushing heroku. since i'm using github, push same code github well. means push secret keys there too.
i'm using world-readable github account, if payed github make half problem go away still i'm not happy secret keys lying in configuration file in code. don't know if there's better practice though.

what best practice keeping keys secret , still using above mentioned list of libraries , services?

btw, i've started ror , heroku last week may considered newbe, please considerate ;) thanks!

you need use env variable heroku app.

if heroku config can have access of env variable. add , use directly in application.

with trick don't need update code change configuration , configuration if not define in code base.

in s3.yml need :

access_key_id: <%= env['s3_access_key'] %> secret_access_key: <%= env['s3_secret_key'] %> bucket: <%= env['s3_bucket_name'] %>

and add env variable in heroku app

heroku config:add s3_access_key='your_key' heroku config:add s3_secret_key='your_secret' heroku config:add s3_bucket_name='your_nucket_name'

Comments

Post a Comment

Popular posts from this blog

javascript - Enclosure Memory Copies -

-
function myclass() { //lots , lots of vars , code here. this.bar = function() { //do numerous enclosed myclass vars } this.foo = function() { alert('hello'); //don't enclosed variables. } } each instance of myclass gets own copy of bar , foo, why prototyped methods use less memory. however, know more memory use of inner methods. it seems obvious me (1) below must true. agree? not distinct myclass instances have own distinct copies of bar, must have own distinct copies of myclass enclosure. (or else how bar method keep myclass variables straight on per instance basis?) now (2) question i'm after. since inner foo method doesn't use in myclass enclosure natural qustion is: javascript smart enough not keep myclass enclosure in memory use of foo? this depend entirely on implementation not language. naive implementations keep far more around others. answer true e.g. v8 (chrome's js engine) may not true spider...
Read more

php - Replacing tags in braces, even nested tags, with regex -

-
example preg_replace('/\{[a-za-z.,\(\)0-9]+\}/', 'replaced', 'lorem ipsum dolor sit {tag1({tag2()})}, consectetur adipiscing elit.'); the result: lorem ipsum dolor sit {tag1(replaced)}, consectetur adipiscing elit. question as can see "tag2" has been replaced, want replace "tag1" know how can this? (in cases might this: {tag1({tag2({tag3()})})}) , on.) btw using preg_replace_callback, easier show preg_replace here site can test code: http://www.spaweditor.com/scripts/regex/index.php you need add curly braces character set. here's pattern used: /\{[a-za-z.,\(\)\{\}0-9]+\}/ and here result: "lorem ipsum dolor sit replaced, consectetur adipiscing elit."
Read more