config/secrets.json unable to be included for Heroku deployment #309

Closed
larzconwell opened this Issue Feb 14, 2013 · 7 comments

Projects

None yet

5 participants

@larzconwell

Since Heroku is deployed via Git, and config/secrets.json is in .gitignore it's impossible to deploy if you need it.

@mikedevita

I'd also like to mention.. running: heroku run geddy secret doesn't work either after pushing your app to heroku.

@mikedevita

Alright so here's what i've discovered thus far and this will require some code edits of some sort im sure.

If you create a secrets.json file, remove it from .gitignore and the secrets.json file is like so:

{
  "secret": ""
}

you commit, and push it to heroku you will have a starter template secrets.json file.. You can then run a bash prompt on heroku... heroku run bash and then you can run geddy secret at the root of your app folder, and it will create the appropriate key in config/secrets.json. However, when you issue heroku restart back on your local machine it will recompile the slug and ignore what was in the config/secrets.json most likely because your last commit had an empty secrets.json file...

I could tell this by running heroku logs -t when i issue restart and i get back a dump of all of the config's for the app. In those configs, its showing as "secret": "".

This is probably because when you start the app im guessing it writes into memory the secret: hash..

One step closer, as you can actually get heroku to create the secrets.json hash string just can't get geddy to recognize it.

@MrOrz

Ruby on Rails allows developers to use ERB syntax within config yaml files.
This enables the access to environment variables, accessing the secrets specified with heroku config:add command.

IMHO maybe Geddy can provide something similar to Ruby on Rails?
Passing secret.json to an EJS evaluator before invoking the JSON parser should do the trick.

@mde
@mde

NM, implemented in bfa7650, pushed to master.

Just commit your secrets.json file to Git (i.e., remove from the .gitignore), and use EJS with environment variables so your secrets don't end up in revision control.

@mde mde closed this Jun 23, 2013
@MrOrz

Wow that was fast! :D

@ben-ng

Sweet! I've been looking forward to this too. +1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment