I'm working through a Rails exercise dealing with Figaro and syncing tokens on both the production and development environments, and I'm not sure if what I've done has fulfilled the intent of this exercise. Specifically, it says to run rake secret to generate the token, followed by heroku config:set SECRET_KEY_BASE=thegeneratedtoken to set that token to the ENV variable on production. I've completed these steps.

Then I'm asked to add SECRET_KEY_BASE to the application.yml file, which I've done, and use Figaro to sync the tokens on Production and Development. Then set the Development key to equal the same ENV-stored token as the Production key in secrets.yml.

So my secrets.yml file looks like this:

secrets.yml

development:
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
production:
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>

while the application.yml file actually includes the generated token after SECRET_KEY_BASE:

Does this seem like I've completed all necessary tasks? I guess I was mostly hung up on the "use Figaro to sync the tokens..." part of the exercise. I wasn't sure if I needed to run some command here, or if they're simply saying adding the token to the application.yml file IS syncing the environments.

zero323

1 Answer

It would be cool if you could share that exercise here (was it an online tutorial?), so I could be more precise with my answer.

If you run

heroku config -a YOUR_HEROKU_APP

and see SECRET_KEY_BASE in the output and it's matching what you synced from your local development, then it means you managed to sync your configuration.

The confusing part on secrets.yml vs Figaro is nicely explained on Figaro's GitHub page.

What you really need Figaro for, locally, is reading configuration from the application.yml file and adding it to the ENV object, so that your secrets.yml file can access the secrets securely (you can safely commit secrets.yml to your repo, but keep application.yml only locally, ideally added to .gitignore).

Now, Heroku loads all config from ENV; all you have to do is log in and copy and paste your data, or use the command line to set your config keys.

This command

heroku config:set SECRET_KEY_BASE=thegeneratedtoken

does exactly that. Now this figaro command for syncing data:

figaro heroku:set -e production

is really just a wrapper script that will go over all the keys in application.yml (unscoped or scoped under production:) and will run (for each key):

heroku config:set PROD_KEY_1=VALUE_PROD_KEY_1

I hope that helps with the initial confusion :-)

matb
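Added example, not part of the original answer and not Figaro's own code: a Ruby sketch of the sync the answer describes, which merges the unscoped keys of application.yml with those scoped under one environment and builds the matching heroku config:set invocation. The sample file, its keys and values, and the helper names are constructed for illustration; it assumes scoped values override unscoped ones.

```ruby
require "yaml"

# Constructed sample application.yml; values are placeholders, not real secrets.
SAMPLE_APPLICATION_YML = <<~YAML
  SECRET_KEY_BASE: "placeholder-token-for-all-environments"
  MAILER_FROM: "noreply@example.test"
  development:
    API_HOST: "localhost:3000"
  production:
    API_HOST: "api.example.test"
    SECRET_KEY_BASE: "placeholder-production-token"
YAML

# Top-level scalar entries apply to every environment; a top-level mapping
# is an environment scope. Scoped values win over unscoped ones (assumption).
def config_for(yaml_text, environment)
  raw = YAML.safe_load(yaml_text) || {}
  global = raw.reject { |_, value| value.is_a?(Hash) }
  scoped = raw.fetch(environment, {})
  scoped = {} unless scoped.is_a?(Hash)
  global.merge(scoped).transform_values(&:to_s)
end

# Build the argv for a single `heroku config:set` call. An array, passed to
# the multi-argument form of Kernel#system, keeps values away from a shell.
def heroku_set_argv(config, app)
  ["heroku", "config:set", *config.map { |key, value| "#{key}=#{value}" }, "-a", app]
end

# Display form with every value masked, so the command can be logged
# without leaking the secrets it carries.
def redacted_command(config, app)
  masked = config.transform_values { "REDACTED" }
  heroku_set_argv(masked, app).join(" ")
end

if __FILE__ == $PROGRAM_NAME
  production = config_for(SAMPLE_APPLICATION_YML, "production")
  puts redacted_command(production, "YOUR_HEROKU_APP")
end
```

The script only prints the masked command; to actually push the keys you would pass the unmasked argv to system(*argv) with the Heroku CLI installed and logged in.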