Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Added information about the need to protect config vars during except…
…ion reporting
  • Loading branch information
Martin Gregory committed May 27, 2009
1 parent 3ed1d27 commit a43453b
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 0 deletions.
16 changes: 16 additions & 0 deletions docs/config-vars.txt
Expand Up @@ -65,13 +65,19 @@ Use `heroku config`, `config:add`, `config:remove`, and `config:clear` to manage
GITHUB_USERNAME => joesmith
Restarting app...done.

*Note*: heroku config:add does a config:clear first. You have to
specify all config vars each time. RACK_ENV is never cleared.


$ heroku config
GITHUB_USERNAME => joesmith
RACK_ENV => production

$ heroku config:clear
Clearing all config vars and restarting app...done.

*Note*: RACK_ENV is never cleared.

RACK_ENV, RAILS_ENV, MERB_ENV
-----------------------------

Expand All @@ -85,3 +91,13 @@ The RACK_ENV value is set to production by default. You should rarely, if ever,
Note: RAILS_ENV and MERB_ENV will automatically mirror whatever is in RACK_ENV. Don't set RAILS_ENV or MERB_ENV directly.

Note: It is not recommended that you ever set your RACK_ENV=development, as that will enable reloading and slow down your app's dyno significantly.

Exception Reporting
-------------------

Note that if you are using an [external exception reporting
service](http://docs.heroku.com/logs-exceptions), it will likely
report to you your app's whole environment. Since you are liekly
using config vars to store private information, you should take care
to prevent the exception reporting from showing this information.
Your service will likely provide a means for this.
7 changes: 7 additions & 0 deletions docs/logs-exceptions.txt
Expand Up @@ -15,6 +15,13 @@ Accessing your logs is intended primarily for use in debugging a newly uploaded

If you have a site in production use by real users, use an external exception logging service. We can recommend [Hoptoad](http://hoptoadapp.com/) and [Get Exceptional](http://getexceptional.com/). Both of these services are very simple to set up on Heroku, and provide an easy and structured way to look at all your production exceptions.

If you use an external logging service, be sure to configure it to look after
your configuration environment variables with care. Typically, external
logging services will report the entire app environment. If you are using
[Heroku Config Vars](http://docs.heroku.com/config-vars) to pass
"private" information to your app, you will want to stop these being reported.
[Hoptoad](http://hoptoadapp.com/) has a means for doing this: [here](http://help.hoptoadapp.com/faqs/troubleshooting-2/environment-filters) ... other services probably do too.

You should not attempt to use the output of the `heroku logs` command for
metrics or usage analysis. For that, we recommend [Google
Analytics](http://www.google.com/analytics).
Expand Down

0 comments on commit a43453b

Please sign in to comment.