config/secrets.json unable to be included for Heroku deployment #309

Closed
larzconwell opened this Issue Feb 14, 2013 · 7 comments

Comments

Projects
None yet
5 participants
@larzconwell
Contributor

larzconwell commented Feb 14, 2013

Since Heroku is deployed via Git, and config/secrets.json is in .gitignore it's impossible to deploy if you need it.

@mikedevita

This comment has been minimized.

Show comment
Hide comment
@mikedevita

mikedevita Feb 14, 2013

Contributor

I'd also like to mention.. running: heroku run geddy secret doesn't work either after pushing your app to heroku.

Contributor

mikedevita commented Feb 14, 2013

I'd also like to mention.. running: heroku run geddy secret doesn't work either after pushing your app to heroku.

@mikedevita

This comment has been minimized.

Show comment
Hide comment
@mikedevita

mikedevita Feb 14, 2013

Contributor

Alright so here's what i've discovered thus far and this will require some code edits of some sort im sure.

If you create a secrets.json file, remove it from .gitignore and the secrets.json file is like so:

{
  "secret": ""
}

you commit, and push it to heroku you will have a starter template secrets.json file.. You can then run a bash prompt on heroku... heroku run bash and then you can run geddy secret at the root of your app folder, and it will create the appropriate key in config/secrets.json. However, when you issue heroku restart back on your local machine it will recompile the slug and ignore what was in the config/secrets.json most likely because your last commit had an empty secrets.json file...

I could tell this by running heroku logs -t when i issue restart and i get back a dump of all of the config's for the app. In those configs, its showing as "secret": "".

This is probably because when you start the app im guessing it writes into memory the secret: hash..

One step closer, as you can actually get heroku to create the secrets.json hash string just can't get geddy to recognize it.

Contributor

mikedevita commented Feb 14, 2013

Alright so here's what i've discovered thus far and this will require some code edits of some sort im sure.

If you create a secrets.json file, remove it from .gitignore and the secrets.json file is like so:

{
  "secret": ""
}

you commit, and push it to heroku you will have a starter template secrets.json file.. You can then run a bash prompt on heroku... heroku run bash and then you can run geddy secret at the root of your app folder, and it will create the appropriate key in config/secrets.json. However, when you issue heroku restart back on your local machine it will recompile the slug and ignore what was in the config/secrets.json most likely because your last commit had an empty secrets.json file...

I could tell this by running heroku logs -t when i issue restart and i get back a dump of all of the config's for the app. In those configs, its showing as "secret": "".

This is probably because when you start the app im guessing it writes into memory the secret: hash..

One step closer, as you can actually get heroku to create the secrets.json hash string just can't get geddy to recognize it.

@MrOrz

This comment has been minimized.

Show comment
Hide comment
@MrOrz

MrOrz Jun 23, 2013

Ruby on Rails allows developers to use ERB syntax within config yaml files.
This enables the access to environment variables, accessing the secrets specified with heroku config:add command.

IMHO maybe Geddy can provide something similar to Ruby on Rails?
Passing secret.json to an EJS evaluator before invoking the JSON parser should do the trick.

MrOrz commented Jun 23, 2013

Ruby on Rails allows developers to use ERB syntax within config yaml files.
This enables the access to environment variables, accessing the secrets specified with heroku config:add command.

IMHO maybe Geddy can provide something similar to Ruby on Rails?
Passing secret.json to an EJS evaluator before invoking the JSON parser should do the trick.

@mde

This comment has been minimized.

Show comment
Hide comment
@mde

mde Jun 23, 2013

Contributor

This is actually not a bad idea. You could easily include environment
variables that way. Then you could just remove the entry for your secrets
file from the .gitignore. Could you open a ticket for this?

On Sun, Jun 23, 2013 at 9:48 AM, MrOrz notifications@github.com wrote:

Ruby on Rails allows developers to use ERB syntax within config yaml files.
This enables the access to environment variables, accessing the secrets
specified with heroku config:add command.

IMHO maybe Geddy can provide something similar to Ruby on Rails?
Passing secret.json to an EJS evaluator before invoking the JSON parser
should do the trick.


Reply to this email directly or view it on GitHubhttps://github.com/mde/geddy/issues/309#issuecomment-19876897
.

Contributor

mde commented Jun 23, 2013

This is actually not a bad idea. You could easily include environment
variables that way. Then you could just remove the entry for your secrets
file from the .gitignore. Could you open a ticket for this?

On Sun, Jun 23, 2013 at 9:48 AM, MrOrz notifications@github.com wrote:

Ruby on Rails allows developers to use ERB syntax within config yaml files.
This enables the access to environment variables, accessing the secrets
specified with heroku config:add command.

IMHO maybe Geddy can provide something similar to Ruby on Rails?
Passing secret.json to an EJS evaluator before invoking the JSON parser
should do the trick.


Reply to this email directly or view it on GitHubhttps://github.com/mde/geddy/issues/309#issuecomment-19876897
.

@mde

This comment has been minimized.

Show comment
Hide comment
@mde

mde Jun 23, 2013

Contributor

NM, implemented in bfa7650, pushed to master.

Just commit your secrets.json file to Git (i.e., remove from the .gitignore), and use EJS with environment variables so your secrets don't end up in revision control.

Contributor

mde commented Jun 23, 2013

NM, implemented in bfa7650, pushed to master.

Just commit your secrets.json file to Git (i.e., remove from the .gitignore), and use EJS with environment variables so your secrets don't end up in revision control.

@mde mde closed this Jun 23, 2013

@MrOrz

This comment has been minimized.

Show comment
Hide comment
@MrOrz

MrOrz Jun 24, 2013

Wow that was fast! :D

MrOrz commented Jun 24, 2013

Wow that was fast! :D

@ben-ng

This comment has been minimized.

Show comment
Hide comment
@ben-ng

ben-ng Jun 24, 2013

Contributor

Sweet! I've been looking forward to this too. +1

Contributor

ben-ng commented Jun 24, 2013

Sweet! I've been looking forward to this too. +1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment