On Tuesday this week, I presented a talk to Montreal.rb on keeping your application secrets safe. Posted below are the video, the slides, and some follow-up questions asked during and after the presentation. Enjoy!
Video
Slides
Questions
How can I remove a secret from your Git repository?
GitHub has an excellent post on how to do this: Remove sensitive data. However, if you have committed a secret to a repository that has already been pushed to a remote, consider that secret compromised: rewriting history does not un-share it. You will need to reset the secret (i.e. create a new API key) and configure your application using the techniques described above.
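Rewriting history is the expensive path; the cheap one is to catch a hard-coded credential before it is ever committed. The following is an added example (not code from the talk): a small Ruby scanner that flags lines assigning a long quoted literal to a secret-looking name, while ignoring values read from `ENV`. It is the kind of check you would run over staged files from a pre-commit hook. The pattern names, the 16-character threshold and the sample file contents are all assumptions constructed for this example.

```ruby
# Added example: flag lines that look like hard-coded credentials so a secret
# never reaches a remote. Key names, threshold and samples are assumptions.

SECRET_KEY_NAMES = /(secret|password|passwd|api_?key|access_?key|token|private_?key)/i

# Matches `name = "literal"`, `name: 'literal'` or `name => "literal"` where the
# literal is long enough to be a real credential rather than a placeholder.
ASSIGNMENT = /
  (?<name>[A-Za-z_][A-Za-z0-9_.]*)   # config key or variable name
  \s*(?:=>|[:=])\s*                  # =, :, or =>
  ["'](?<value>[^"']{16,})["']       # quoted literal of 16+ characters
/x

# Obvious placeholders that are not worth flagging.
PLACEHOLDER = /\A(xxx+|changeme|your[_-]?.*here|<.*>|\$\{.*\})\z/i

def looks_like_secret?(line)
  # Reading from the environment (dotenv, foreman, figaro, secrets.yml with
  # ERB) is exactly what we want, so never flag those lines.
  return false if line =~ /ENV\[|ENV\.fetch|<%=/
  m = ASSIGNMENT.match(line)
  return false unless m
  return false unless m[:name] =~ SECRET_KEY_NAMES
  return false if m[:value] =~ PLACEHOLDER
  true
end

# Scans one file's text; returns [[path, line_number, line], ...] for hits.
def scan_for_secrets(path, contents)
  contents.each_line.with_index(1)
          .select { |line, _| looks_like_secret?(line) }
          .map { |line, n| [path, n, line.chomp] }
end

# Constructed sample repository contents (none of these are real keys).
SAMPLE_FILES = {
  "config/initializers/stripe.rb" =>
    "Stripe.api_key = \"sk_live_0123456789abcdefABCDEF\"\n",
  "config/secrets.yml" =>
    "production:\n  secret_key_base: <%= ENV[\"SECRET_KEY_BASE\"] %>\n",
  "config/database.yml" =>
    "password: 'your_database_password_here'\n",
}

def scan_all(files = SAMPLE_FILES)
  files.flat_map { |path, text| scan_for_secrets(path, text) }
end

scan_all.each { |path, n, line| puts "#{path}:#{n}: possible hard-coded secret: #{line}" }
```

Only the Stripe initializer is reported: the `secrets.yml` entry reads from `ENV`, and the database placeholder is recognised as such. To use it as a hook, feed it the output of `git diff --cached --name-only` and fail the commit when `scan_all` returns anything.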
How can I keep my secrets safe with an application pre-Rails 4.1?
Check out these options:
- foreman: recommended - any Rack app
- dotenv: great for plain old Ruby Gems too
- figaro: YAML
- capistrano: linking to a configuration file in production
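All four options share one pattern: the secret lives in an untracked file or in the process environment, and the application reads it from `ENV` at boot. The following is an added example, not code from the talk or from the foreman, dotenv or figaro gems: a minimal dotenv-style loader plus a fail-fast accessor. `parse_dotenv`, `load_dotenv`, `require_secret!` and the sample `.env` contents are names and values assumed for this example.

```ruby
# Added example: a simplified dotenv-style loader and a fail-fast secret
# accessor. Names and the sample .env are assumptions, not a real library API.

# Parses KEY=value lines (simplified .env syntax): blank lines and # comments
# are skipped and matching surrounding quotes are stripped.
def parse_dotenv(text)
  text.each_line.with_object({}) do |raw, vars|
    line = raw.strip
    next if line.empty? || line.start_with?("#")
    key, value = line.split("=", 2)
    next if value.nil? || key !~ /\A[A-Za-z_][A-Za-z0-9_]*\z/
    value = value.strip
    value = value[1..-2] if value =~ /\A(["']).*\1\z/ # strip matching quotes
    vars[key] = value
  end
end

# Variables already present in `env` win, so a real deployment environment
# (foreman, capistrano, the platform) overrides the development file.
def load_dotenv(text, env = ENV)
  parse_dotenv(text).each { |k, v| env[k] = v unless env.key?(k) }
  env
end

class MissingSecret < StandardError; end

# Fail at boot rather than at first use: a nil API key discovered inside a
# request handler is much harder to diagnose than a clear startup error.
def require_secret!(name, env = ENV)
  value = env[name]
  if value.nil? || value.empty?
    raise MissingSecret, "#{name} is not set; add it to .env or the environment"
  end
  value
end

# Constructed sample .env (no real keys). In a real app this file is listed in
# .gitignore and never committed.
SAMPLE_DOTENV = <<~ENVFILE
  # development settings
  DATABASE_URL=postgres://localhost/myapp_development
  STRIPE_API_KEY="sk_test_EXAMPLE_not_a_real_key"
  MAIL_PASSWORD='quoted with spaces'
ENVFILE

# Builds the app's config hash from the environment, raising on any gap.
def build_config(env = load_dotenv(SAMPLE_DOTENV, {}))
  {
    database_url:   require_secret!("DATABASE_URL", env),
    stripe_api_key: require_secret!("STRIPE_API_KEY", env),
    mail_password:  require_secret!("MAIL_PASSWORD", env),
  }
end
```

In a Rails app the equivalent of `build_config` runs from an initializer, so a missing variable stops the boot with a message naming the variable. Passing an explicit hash instead of `ENV` keeps the loader testable without mutating the real process environment.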