
I'm new at Rails and I'm at the point where I am shipping code to Amazon Web Services. I'd like to know, what is the best way to hide or encrypt keys (for example, for Mandrill) so all the features of your app can work online but you are not exposing any of your private keys?

So far, in development, I have my keys saved in my bash profile and working fine locally.

Thanks a lot for the advice!

nyhunter77
  • Duplicate of http://stackoverflow.com/questions/6113042/where-to-store-sensitive-data-in-public-rails-app – Max Williams Dec 01 '14 at 13:38
  • If you are using Heroku then follow their docs on adding keys to ENV; if not Heroku, ssh the keys and use ENV. – argentum47 Dec 01 '14 at 13:38
    Actually, I think that question is a little different as it concentrates more on Heroku and just mentions AWS. As stated above, my site will go live on Amazon Web Services and right now I definitely need mandrill to work so not sure how to protect those keys. Thanks. – nyhunter77 Dec 01 '14 at 15:24

3 Answers


So, I thought about using the Figaro gem but I ended up using rbenv-vars by sstephenson: https://github.com/sstephenson/rbenv-vars

On the Amazon Server, I made a directory:
$ mkdir -p ~/.rbenv/plugins
$ cd ~/.rbenv/plugins
$ git clone https://github.com/sstephenson/rbenv-vars.git
$ rbenv rehash

Then, on the AWS server, I used vim to create a file:
$ vim .rbenv-vars
$ rake secret   # run in your project directory to get the value for SECRET_KEY_BASE=place key here

Then I added this .rbenv-vars to the .gitignore. Of course you don't want to send these keys to Github.

In this file, you can also place your secret keys where they'll reside on the server to do their job.

nyhunter77

Take a look at "Use environment variables!". This site really helped me with this: http://railsapps.github.io/rails-environment-variables.html


A common practice is to set environment variables. If you've ever used Heroku, you'd see in the settings panel that there are some.

In config/secrets.yml, for the production environment, the default method of setting the key is given to be an env var, as there's some ERB <%= ... %> code there. You can obviously change the keyword there.

To set the value each time you re-start the terminal, you can save the value of the rake secret RAILS_ENV=production command in a file called .bash_aliases (exists only in Linux) or in some other script that gets called as the shell starts.

In that file, type in: export KEYWORD='whatever the value is' and voila!

Now if you do printenv KEYWORD to see the value stored in the env var named KEYWORD, it will be there.

zhirzh
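A check to go with the .rbenv-vars and environment-variable approaches in the answers above, added here as an example and not code from any of the answerers: it audits the secrets file on the server for loose permissions, a missing .gitignore entry, and missing or placeholder values. The key name MANDRILL_APIKEY, the simplified KEY=value parsing and the chmod 600 recommendation are assumptions of this example.

```ruby
require "tmpdir"

# Key names the app needs; MANDRILL_APIKEY is an assumed name for illustration.
REQUIRED_KEYS = %w[SECRET_KEY_BASE MANDRILL_APIKEY].freeze

# Simplified parser: KEY=value per line; blank lines and # comments are skipped.
def parse_vars(text)
  text.each_line.with_object({}) do |line, vars|
    line = line.strip
    next if line.empty? || line.start_with?("#")
    key, value = line.split("=", 2)
    vars[key.strip] = value.to_s.strip
  end
end

# Returns a list of problems found with the secrets file in project_dir.
def audit_secrets(project_dir, vars_file: ".rbenv-vars", required: REQUIRED_KEYS)
  path = File.join(project_dir, vars_file)
  return ["#{vars_file} not found"] unless File.file?(path)
  problems = []
  mode = File.stat(path).mode & 0o777
  problems << format("%s is mode %o; use chmod 600", vars_file, mode) unless (mode & 0o077).zero?

  gitignore = File.join(project_dir, ".gitignore")
  entries = File.file?(gitignore) ? File.readlines(gitignore, chomp: true).map(&:strip) : []
  problems << "#{vars_file} is not listed in .gitignore" unless entries.include?(vars_file) || entries.include?("/#{vars_file}")
  vars = parse_vars(File.read(path))
  required.each do |key|
    value = vars[key].to_s
    if value.empty?
      problems << "#{key} is missing or empty"
    elsif value.match?(/place key here/i)
      problems << "#{key} still holds a placeholder"
    end
  end
  problems
end

# Constructed sample project: world-readable file, placeholder value, no ignore rule.
def demo
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, ".rbenv-vars"), "# constructed sample\nSECRET_KEY_BASE=place key here\n")
    File.chmod(0o644, File.join(dir, ".rbenv-vars"))
    File.write(File.join(dir, ".gitignore"), "log/\n")
    audit_secrets(dir)
  end
end

puts demo if __FILE__ == $PROGRAM_NAME
```

Running `audit_secrets(Dir.pwd)` from the project directory on the server before starting the app returns an empty list when the file is private, ignored by git and fully populated.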