Rails 4.1 pushing secrets to heroku
You've likely got secrets.yml added to your .gitignore. Which makes sense, since you put secret keys in it -- but since Heroku deployment uses git, it never sees your secrets.yml.
One solution is to use the heroku_secrets gem - See https://stackoverflow.com/a/22458102/2831572 .
Another solution is to add secrets.yml to git (i.e. remove it from .gitignore) after replacing all sensitive keys with references to environment variables.
So:
production:
devise_secret_key: <%= ENV['DEVISE_KEY'] %>
then run heroku config:set DEVISE_KEY='7658699e0f765e8whatever'
Christian Flores
Updated on June 04, 2022Comments
-
Christian Flores almost 2 years
Rails 4.1.0.beta1 and Devise.
I'm trying to remove all of my keys from version control and I've upgraded to Rails 4.1 to give this new secrets.yml a shot
Trying to push Devise's
config.secret_key
to heroku but it's failing after assets:precompilePreparing app for Rails asset pipeline Running: rake assets:precompile rake aborted! Devise.secret_key was not set. Please add the following to your Devise initializer: config.secret_key = 'EXAMPLE_KEY_HERE' Please ensure you restarted your application after installing Devise or setting the key.
Here are my changes, the old code I'll leave in comments. (it works)
devise.rb
# config.secret_key = 'THIS_IS_A_FAKE_KEY' #<---this_is_commented_out config.secret_key = Rails.application.secrets.devise_secret_key
secrets.yml
production: devise_secret_key: 'THIS_IS_A_FAKE_KEY'
then ran
heroku labs:enable user-env-compile -a myapp
(not sure if that's necessary)and then when I push to my forked heroku envionment
git push forked master
I get the above error.I also noticed some discussion on this in this Devise repo so I figured I'd update my gem alongside the source repo, no difference. Here's part of that discussion (here).
-
Jay almost 10 yearsWish Heroku let you upload non-repo files to merge into the slug, I wanted to use secrets.yml with no ENV vars. Maybe you can somehow commit locally and force push to heroku only, then revert to not including secrets.yml when pushing elsewhere (every time you deploy...) Or better yet, just commit the file to the heroku remote and not even locally (pretty sure that's impossible tho)
-
ahnbizcad almost 10 yearsthe second method seems pretty... silly. the whole point of the secrets file was to put your keys in there, right?
-
mc9 over 9 years@gwho Yeah, I think the second method defeats the purpose of the secrets.yml file.
-
neonmate about 9 yearsDon't add the secrets.yml to git. Use rake heroku:secrets RAILS_ENV=production to transfer your secrets to the heroku environment variables. If you like to help other developers to getting started fast with your application, add a file secrets.yml.sample to your repository with all the keys, but without values. Like you may know from the database.yml. Figaro is useless for Rails 4, since it is MUCH easier for other deploys / use cases (e.g. gem capistrano-secrets-yml).