Multi-environment usage

[ThisIsMissEm]

Currently we configuring symmetric-encryption, you can specify each of the environments that you have (e.g., say if you have a demo or staging environment). This works well, but there's an issue: The default way to determine which "environment" symmetric-encryption should use is to look at Rails.env

However, Heroku recommends against multiple "environments" (details), so in order to work nicely with heroku Rails.env has to be just "production"

It seems that it'd be possible to read from something else, given the contents of railties

I'd like to field interest in setting up an ENCRYPTION_ENV variable as an alternative to use Rails.env (i.e., env = ENV['ENCRYPTION_ENV'] || Rails.env).

This way I could still have multiple encryption environments and still play nicely with heroku.

[reidmorrison]

Symmetric Encryption supports both environment variables and Heroku directly. Look for the Heroku option when generating the configuration file:
https://rocketjob.github.io/symmetric-encryption/configuration.html

[ThisIsMissEm]

The problem is with --envs ENVIRONMENTS, say I have a heroku pipeline setup with production and release apps, in order to instruct symmetric-encryption which keys to use for which app, I need to pass RAILS_ENV=production or RAILS_ENV=release, this is problematic because heroku thinks that release isn't a production-like environment. Additionally anything that does optimisations for Rails.env.production? will consequently not be optimised in release but will be optimised in production

Hence wanting a way to have RAILS_ENV=production in both apps, but use different symmetric-encryption keys. As proposed, having a environment variable specifically for symmetric-encryption to use to understand it's environment.

*edit: * for clarity, I did use the heroku keystore option when I setup my app with symmetric-encryption. The issue is in this: (don't worry, those keys aren't in actual use)

test-symmetric-encryption $ symmetric-encryption --generate --keystore heroku --app-name my_app --environments "test,development,release,production"

********************************************************************************
Add the environment key to Heroku:

  heroku config:add MY_APP_RELEASE_V1=Zgw02KnfY7+ONkLuZNYd+ddjt/jGlYzmFA4mJUujwlo14023FzH9w07IY1s4/ASG

Or, if using environment variables on another system set the environment variable as follows:

  export MY_APP_RELEASE_V1="Zgw02KnfY7+ONkLuZNYd+ddjt/jGlYzmFA4mJUujwlo14023FzH9w07IY1s4/ASG"

********************************************************************************


********************************************************************************
Add the environment key to Heroku:

  heroku config:add MY_APP_PRODUCTION_V1=JKShE9m/IzoguX4I0HYr6/oU3VGjPtz1dis5+aJB0o1gAxogXB5oX2cCnP7R1sKN

Or, if using environment variables on another system set the environment variable as follows:

  export MY_APP_PRODUCTION_V1="JKShE9m/IzoguX4I0HYr6/oU3VGjPtz1dis5+aJB0o1gAxogXB5oX2cCnP7R1sKN"

********************************************************************************
New configuration file created at: test-symmetric-encryption/config/symmetric-encryption.yml

In order to know if symmetric-encryption is meant to use MY_APP_PRODUCTION_V1 or MY_APP_RELEASE_V1, it defers to Rails.env, as far as I can tell: https://github.com/rocketjob/symmetric-encryption/blob/master/lib/symmetric_encryption/railtie.rb#L38

[ThisIsMissEm]

It's where the env at the end of this line comes from which is the problem: https://github.com/rocketjob/symmetric-encryption/blob/6668880e659672a5c724fd2db63c01cfb05590b7/lib/symmetric_encryption/config.rb#L76

[reidmorrison]

@ThisIsMissEm The above PR has been merged, does it sufficiently address the requirements above?