【功能】managing aws key using figaro on heroku for carrierwave

In order to store a large amount of information, websites need to purchase servers for space to do so. The server access information is needed for the servers to work. Such information must be maintained secretive, or the server can be stolen or compromised. There are a number of ways to accomplish this, but here we’ll talk about using gem figaro to secure server access information.

First you need to make sure you’re already sign up for a server service somewhere, here we’ll use AWS (Amazon Web Services). Once you’ve signed up and verified your account, you can access the AWS console, where you’ll find “S3” under the “Storage & Content Delivery” category.

S3 is Amazon’s storage solution, typically used to store large binary files. Then, create a bucket. Name your bucket something relevant to your project and keep the name handy.

Then, go to your text editor and do the following:

1. Install gem figaro, run bundle install and then figaro install

2. Run the following to create a copy of your application.yml file to be uploaded, but doesn’t contain your AWS access key info:

   1	cp config/application.yml config/application.yml.example

3. Go to AWS console, under your user name on the top right, go to “Security Credentials”, then click on “Access Key (Acces Key ID and Seceret Access Key). Click “Create New Access Key” and download the file. Save it somewhere secure.

4. Next go to application.yml and place your AWS access information, as an example:

   1 2 3 4 5

   production: AWS_ACCESS_KEY_ID: XXXXXXXXXXXXXXXXXXXX AWS_SECRET_ACCESS_KEY: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX AWS_BUCKET_NAME: YOUR-BUCKET-NAME

5. The above information is accessed by whatever gem in your app that is using the AWS storage. In my case, I’m using CarrierWave to upload images, but in order to connect to the AWS API I need another gem for integration called gem fog. So add gem fog to the Gemfile and run bundle install. And now in the imageuploader, disable the storage :file line.

   1 2	class < CarrierWave::Uploader::Base

6. Under config/initializers, create a carrierwave.rb file to help CarrierWave initialize, and add the below code:

   1 2 3 4 5 6 7 8 9 10 11 12 13 14

   CarrierWave.configure do |config| if Rails.env.production? config.storage :fog config.fog_credentials = { provider: 'AWS', aws_access_key_id: ENV["AWS_ACCESS_KEY_ID"], aws_secret_access_key: ENV["AWS_SECRET_ACCESS_KEY"], region: 'eu-west-1' #(location of your S3 bucket) } config.fog_directory = ENV["AWS_BUCKET_NAME"] else config.storage :file end end

ENV is short for “Environment Variables”, and you can see these match the names in the application.yml file.

1. Once these are set up, go to the .gitignore file and add in config/application.yml to make sure the git will not be uploading this file containing AWS access info onto Heroku. If this is done successfully, you should see config/application.yml either in light grey color or hidden away.

2. Assuming you’ve already uploaded the current app onto Heroku, run figaro heroku:set -e production in Terminal, you should see the AWS information you’ve listed in application.yml listed.

3. Run heroku config in Terminal, you should now see Heroku is setup with AWS configuration.

4. If all above ran smoothly, you can now commit & push to Heroku.