4

Can someone help me understand how to retrieve an API key if I'm storing it into secrets.yml?

If I have some kind of google API key 'yt_key':

secrets.yml

development:
  secret_key_base: 390257802398523094820 #some key
  yt_key: A423092389042430 #some key

test:
  secret_key_base: 43208947502938530298525#some key
  yt_key: A423092389042430 #some key

production:
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
  yt_key: <%= ENV["YT_KEY"] %>

I'm just following the examples, this is how I would set it up right?

So if I publish this to production, I would save the A423092389042430 in heroku and under YT_KEY, correct?

But in development, would I do it this way to retrieve the data:

in /config/application.rb

Yt.configure do |config|
  config.api_key = '<%= ENV["YT_KEY"] %>'
end

or should this be in the the class:

module Sample
  class Application < Rails::Application

    Yt.configure do |config|
      config.api_key = '<%= ENV["YT_KEY"] %>'
    end

    config.active_record.raise_in_transactional_callbacks = true
  end
end

Or did I set up the configure wrong?

Improve this question
1
  • Sounds like Yt.configure should be in initializers/yt.rb. And there is no need to put <%= %> in a ruby file. Commented Jul 2, 2016 at 3:54

3 Answers 3

Reset to default
5

ENV["YT_KEY"] references the 'YT_KEY' environment variable which you'll have to set with a Heroku config variable.

In your app, you can access your secrets like this:

Rails.application.secrets.key_name

Since you're storing the 'YT_KEY' as an environment variable in production only, you should configure Yt like so:

(You can do this in a initializer file located at app/initializers/yt.rb)

Yt.configure do |config|
  config.api_key = Rails.application.secrets.yt_key
end

That way, the correct key will be set in each environment.

It's good practice to use different keys for each environment, so should get another key for your production environment. Also, you should avoid storing secret production environment keys in the code. That's why it's common to use ENV variables for production keys.

Let me know if you need any clarification!

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Do it this way, we are doing this way since a long time and working very well for us and this is a good convention as well.

secrets.yml

development:
  secret_key_base: 390257802398523094820 #some key
  yt_key: A423092389042430 #some key

test:
  secret_key_base: 43208947502938530298525#some key
  yt_key: A423092389042430 #some key

production:
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
  yt_key: <%= ENV["YT_KEY"] %>

Add these line to your application.rb file

 config_files = ['secrets.yml']

    config_files.each do |file_name|
      file_path = File.join(Rails.root, 'config', file_name)
      config_keys = HashWithIndifferentAccess.new(YAML::load(IO.read(file_path)))[Rails.env]
      config_keys.each do |k,v|
        ENV[k.upcase] ||= v
      end
    end

and now you can access yt_key this way ENV["YT_KEY"] or any other key you add like some_key to ENV["SOME_KEY"].

It's often recommended to not put your custom keys in secret.yml instead make another file like app_keys.yml and put all keys there.

Improve this answer

Comments

0

You can also use Figaro gem.

Once installed, you'll have a config/application.yml file. Inside it you can store your api keys etc.:

SENDGRID_USERNAME: a-name
SENDGRID_PASSWORD: password

Now, anywhere in your .rb files, you can reference it using vars:

# Noticed how I keep my vars uppercase throughout.

ENV["SENDGRID_USERNAME"]
ENV["SENDGRID_PASSWORD"]

# Production vars go below the `production` line

production:
  ENV["MY_PRODUCTION_VAR"]

If using those env keys inside your html.erb then you'll need to wrap it with <%= ... %>

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.