Ruby: Handling secrets (environment variables)
This documentation is part of the Advanced usages guide. You can view the complete guide here: Going further with your Ruby deployments.
At some point, you will need to manage secrets such as tokens or passwords for databases and third-party services. It is essential to store these secrets securely. Avoid embedding secrets directly in your repository or code because this poses a serious security risk.
Environment variables offer two significant benefits:
- Your secrets will not be stored in your Git repository, reducing the risk if someone gains access to your source code.
- You can use different credentials for different environments. For example, connect to your production database in production while using a development database during development.
Setting up environment variables for development
For development, create a .env file in the root of your project. This file will be excluded from Git so that it is never committed. Use the dotenv gem to automatically load the .env file.
First, add the dotenv-rails gem to your Gemfile:
# Gemfile
gem 'dotenv-rails', groups: [:development, :test]
Then install the gem:
bundle install
Next, create a .env file at the root of your project and add your variables:
RAILS_ENV="development"
DATABASE_PASSWORD="secretPassword"
THIRD_API_PRIVATE_KEY="secretKey"
# ...
Finally, ensure the .env file is ignored by Git:
echo '.env*' >> .gitignore
Setting up environment variables for staging and production
For staging and production, a .env file is neither secure nor practical, because it cannot be stored in a Git repository. Instead, Stackhero provides a secure solution for managing environment variables directly in your Ruby service configuration.
You can set these variables via the Stackhero dashboard by selecting your Ruby service and clicking the "Configure" button.
Accessing environment variables
In Ruby, you can easily access environment variables using ENV. For example, to retrieve DATABASE_PASSWORD, use:
ENV['DATABASE_PASSWORD'] # => 'secretPassword'
Here is an example of how to connect to a RabbitMQ server using environment variables:
require 'bunny'

class RabbitMQClient
  # Connection settings are read from the environment, never hard-coded.
  def initialize
    @connection = Bunny.new(hostname: ENV['RABBITMQ_HOST'],
                            username: ENV['RABBITMQ_USERNAME'],
                            password: ENV['RABBITMQ_PASSWORD'])
    @connection.start
  end

  # Publish a message to the named queue through the default exchange.
  def publish(queue_name, message)
    channel = @connection.create_channel
    queue = channel.queue(queue_name)
    channel.default_exchange.publish(message, routing_key: queue.name)
  end

  # Close the connection to the RabbitMQ server.
  def close
    @connection.close
  end
end
On the development platform, your .env file might include:
RABBITMQ_HOST='127.0.0.1'
RABBITMQ_USERNAME='developmentUser'
RABBITMQ_PASSWORD='developmentPassword'
For production and staging, define your environment variables in the Stackhero dashboard under the Ruby service configuration as shown below:
RABBITMQ_HOST='<XXXXXX>.stackhero-network.com'
RABBITMQ_USERNAME='production'
RABBITMQ_PASSWORD='secretProductionPassword'
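Because ENV['NAME'] returns nil when a variable is not set, a forgotten dashboard entry only surfaces when the connection fails. The following added example (not Stackhero's code) checks the variables used on this page at startup and builds a log-safe view of them; the module name, the NON_SECRET list and the sample values are assumptions made for illustration.

```ruby
# Added example, not Stackhero's code. Variable names come from this page.
module RequiredSecrets
  class MissingSecretError < StandardError; end

  REQUIRED = %w[DATABASE_PASSWORD RABBITMQ_HOST RABBITMQ_USERNAME RABBITMQ_PASSWORD].freeze
  # Assumption: host and username are not sensitive and may appear in logs.
  NON_SECRET = %w[RABBITMQ_HOST RABBITMQ_USERNAME].freeze

  # Returns a frozen hash of the required variables. Raises with the names
  # (never the values) of every variable that is unset or blank.
  def self.load!(env = ENV, required: REQUIRED)
    missing = required.select { |name| env[name].to_s.strip.empty? }
    unless missing.empty?
      raise MissingSecretError, "missing environment variables: #{missing.join(', ')}"
    end
    required.to_h { |name| [name, env[name]] }.freeze
  end

  # Log-safe copy of the configuration: secret values are masked.
  def self.redacted(config)
    config.to_h { |name, value| [name, NON_SECRET.include?(name) ? value : '[REDACTED]'] }
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample environment, mirroring the development .env above.
  sample = {
    'DATABASE_PASSWORD' => 'secretPassword',
    'RABBITMQ_HOST' => '127.0.0.1',
    'RABBITMQ_USERNAME' => 'developmentUser',
    'RABBITMQ_PASSWORD' => 'developmentPassword'
  }
  puts RequiredSecrets.redacted(RequiredSecrets.load!(sample)).inspect

  begin
    RequiredSecrets.load!(sample.merge('RABBITMQ_PASSWORD' => ''))
  rescue RequiredSecrets::MissingSecretError => e
    warn e.message # names only, no secret values
  end
end
```

Calling RequiredSecrets.load! once during application boot makes a missing variable stop the process immediately instead of failing later at the first RabbitMQ or database connection.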