Last active
December 18, 2015 03:09
-
-
Save mikeatlas/5716025 to your computer and use it in GitHub Desktop.
Example of how to dynamically set a rails secret_token per-heroku app instance. This sets a heroku environment variable on deployment, which is attempted to be read as a secret_token key file. If the token is not found, a new one is generated on the fly (draw back here is that a dynamic secret_key is used every time the app restarts, causing all…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| desc 'Pushes to heroku demo app' | |
| task :push_to_demo => :environment do |t, args| | |
| app_name = 'demo' | |
| push app_name | |
| end | |
| def push(app_name) | |
| puts "$$$$$$$$$$ Pushing to heroku app: #{app_name}" | |
| puts "$$$$$ Pushing to heroku app: #{app_name}" | |
| Bundler.clean_exec "git push [email protected]:#{app_name}.git && " << \ | |
| "heroku config:add MY_APP_NAME='#{app_name}' --app #{app_name}" | |
| end |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # initializers/secret_token.rb | |
| class ConfigurationError < StandardError; end | |
| require 'securerandom' | |
| require 'yaml' | |
| secret_token_file = 'config/secret_token.yml' | |
| app_name_key = "MY_APP_NAME" | |
| app_name = "my_app" | |
| if ENV[app_name_key] | |
| app_name = ENV[app_name_key] | |
| end | |
| secret_token = YAML::load(File.open(secret_token_file))[app_name] if File.exists?(secret_token_file) || SecureRandom.hex(64) | |
| raise ConfigurationError.new("Could not load or set secret token from environment or #{File.expand_path(secret_token_file)}") unless secret_token | |
| MyApp::Application.config.secret_token = secret_token |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # config/secret_token.yml | |
| # run ">rake secret" to generate a new secret key, as needed. | |
| # default_key | |
| my_app: c6999d5d0a4dd4465fc90b21baa881bf91ba56c5490040300a1847819fc0036abd8a865abc4a2aa5a3f36dbcfd9f53029b38bfa1706ff4919557d07f413dd982 | |
| demo: 130e4c313d6d3b427b5ef94849dbebfb4be50c1fd66ecb4dbe6583dc345f558a9d2f46855e0feff0b9510477bf2e6758d5220daf39707d74c586063d4fd59477 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Some credit to @elvanja for his blog post here.