Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
secrets is now secretive - please switch to singlebrook/secretive
Ruby
branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
lib
spec
.gitignore
.rspec Initial commit.
Gemfile
LICENSE
README.md
Rakefile
secrets.gemspec

README.md

Secrets is now Secretive. Please change to singlebrook/secretive

Secrets

Secrets, secrets, are now fun. (Exposed secrets hurt someone.)

Secrets is a way to configure your application's ENV variables using a .yml file.

It includes Rails integration, including a generator and a task for sharing secrets with Heroku.

Installation

Add this line to your application's Gemfile:

gem 'secrets'

And then execute:

$ bundle

Or install it yourself as:

$ gem install secrets

Usage

Setting Up (With Rails)

Simply run rails g secrets to create and automatically .gitignore the required .yml files.

When starting your Rails application, top-level variables and any variables in a group with the same name as your Rails environment will become ENV variables.

For example, take following YAML file:

TOP_SECRET: "This will self-destruct."

development:
  SUPER_SECRET: "Jeremiah was a bullfrog."`
production:
  SUPER_SECRET: "He was a good friend of mine."

In development:

$ rails console -e development
  > ENV["SUPER_SECRET"]
  => "Jeremiah was a bullfrog."

  > ENV["TOP_SECRET"]
  => "This will self-destruct."

In production:

$ rails console -e production
  > ENV["SUPER_SECRET"]
  => "He was a good friend of mine."

  > ENV["TOP_SECRET"]
  => "This will self-destruct."

Setting Up (Without Rails)

If not using Rails, create a config/secrets.yml file (or whatever you want to call it) and call Secrets.environmentalize! somewhere in your application.

Customizing

You can choose which file to use as your secrets file by setting Secrets.file = "../path/to/myfile" before calling Secrets.environmentalize!.

You can also pass Secrets.environmentalize! a scope. Top-level variables will always be loaded.

For example, take following YAML file:

TOP_SECRET: "This will self-destruct."

superheroes:
  BEST_HERO: "Harvey Birdman"`
supervillains:
  BEST_VILLAIN: "Mentok, Mind-Taker"

After calling Secrets.environmentalize!("superheroes"):

$ irb
  > ENV["BEST_HERO"]
  => "Harvey Birdman"

  > ENV["TOP_SECRET"]
  => "This will self-destruct."

  > ENV["BEST_VILLAIN"]
  => nil

Sharing with Heroku

Secrets comes with a rake task for sharing secrets with Heroku.

Run rake secrets:share_with[yourapp] to convert all values in the production scope of your .yml file into ENV variables in the Heroku app.

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Added some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request
Something went wrong with that request. Please try again.