I've been using gitignore for password/key protection on my Ruby on Rails apps, so that my config files aren't committed to and publicly available for view on Github.
Going through the Github Developer's API tutorial suggests using environment variables to store these. If I'm not deploying is there any reason I shouldn't use gitignore to store my keys?
There's no strongly compelling reason to prefer environment variables over files, but I'm not sure I'd feel comfortable relying on .gitignore and keeping the files in the source tree. If you opt for files, you might want to consider moving them outside the source tree to avoid any mistakes.
If you've committed the files at any point in the past (particularly to a public site like GitHub), then adding them to .gitignore later isn't going to remove the copies of previous versions that were committed; they'll still be in the repository, and someone could browse back to a version where they weren't ignored.
Additionally, depending on how you run your app, having them in the same directory as the app may make you more vulnerable to web-based security holes. If you keep them outside the app tree, you may gain some limited protection from exploits that can read arbitrary data from the app tree. I don't know that this is all that much of a concern (an exploit that can read within the app tree can probably read outside it too), but it wouldn't hurt to keep them in another directory.
I tend to prefer environment variables because it makes deploying to Heroku easier, so I use them in development too. I'd probably use a file for anything more than simple login/password pairs (RSA keys, etc), and store it in my home directory or somewhere under /var/lib or /etc or /usr/local or something.
There is a gem designed for solving such problems specifically
Figaro: https://github.com/laserlemon/figaro
In a nutshel, Figaro provides a clean and simple way to configure your app and keep the private stuff ... private.
All of your passwords, API keys and anything confidential can be saved in a local yml and won't be pushed to remote git repo.
Related
I've been working on a Ruby parser, that fetches data from different API sources, and compile this data into a clear read-to-use JSON file.
For my use case, i need to store the data i'm initially fetching from the different sources as i don't want to fetch them each time I use the code.
For now i'm writing the JSON i'm receiving from the API sources locally into different JSON files stored in a data folder where my ruby script is. Then i read those files again, parse them and generate my new formatted JSON file that i'm gonna use later in a Rails app.
For that matter i want to create a Gem from this ruby script, which i'm currently working on. Nevertheless i'm not sure to fully understand how and where i should store that data (the one i'm fetching and the one i'm generating).
For now i have tried to simply keep the code as is and simply try to write the file like so:
URI.open("path/to/where/i/wanna/store/file.json", "wb") do |file|
file << URI.open(fetched_data_url).read
end
But wherever i try to write the data i get a :
No such file or directory # rb_sysopen path/to/where/i/wanna/store/file.json
Which in a way does not surprise me that much as i expected it to work in different ways in the context of a Gem. But i'm still missing something here about how to handle this. I'm not sure to fully understand how that all works, especially when you use paths in a gem that will ultimately be used in a rails project.
So several questions here:
Whenever you use a path to write a file inside a Gem, is that path relative to the gem or to the project that will ultimately use that Gem? (and consequently will the file be written inside the project that uses the Gem?)
In that precise use case here, what should i do about it? Where and how do i store my data so that i can use it later? knowing that i need to store it as a JSON file and that for now any attempt of writing a file ends up with an error.
Any input on what i'm misunderstanding here would be much appreciated ! Thanks !
Whenever you use a path to write a file inside a Gem, is that path relative to the gem or to the project that will ultimately use that Gem?
There is nothing special about using file paths whether the code is part of a Gem or not.
path/to/where/i/wanna/store/file.json is a relative path, which means it is looked up relative to the current working directory of the user who started the script. That's nothing special about Gems, that's not even anything to do with Ruby. That is just how file paths work. Relative paths are relative to the current working directory, absolute paths are not.
Where and how do i store my data so that i can use it later?
This depends largely on the Operating System Environment. Different OS Environments have different conventions where to store what kind of files. E.g. your files look like they fit the definition of a cache and Windows has a dedicated folder for caches, as does macOS, as do Linux distributions that follow the Linux Standard Base, as do Desktop Environments that follow the Free Desktop Standards, as does Android, as does iOS, …
For example, the Free Desktop Group has the XDG Base Directory Specification, which defines directories for application state, application data, application cache, and many other things for XDG-compliant environments. Microsoft has similar specifications for Windows. The LSB has something to say as well.
Configuration values (e.g. 3rd party API key/secret, SMTP config, some paths) can be stored in environment (e.g. .bash_profile file) or config/environment folder (e.g. config/environments/development.rb and etc.).
Are there any reasons why one or the other solution is preferred? It seems that using config/environments is a little easier because everything will be tracked in CVS. I'm wondering if there are any reasons why environment variables should be used instead of specifying values directly in config/environments.
You should not put this kind of config values in the CVS (what if you hire some developers, do you really want to share credentials with everybody?).
Many solutions are available in the Rails ecosystem, check here.
Its often a matter of having those settings either in ENV or in a yml file.
Am using EngineYard to host my Rails 3.2 app. This application allows users to post images/assets. I save them in the public directory (using Paperclip Gem). Now, my problem is that - with a new deployment, I am having to manually copy over the assets to the CURRENT version.
Though, I could use AmazonS3, I still want to figure out if there is a way in EngineYard which lets me save/serve the assets from a different directory than the code, say /data/assets.
Please, let me know if you see any other alternate implementations too.
Typically your structure would look like
/data
myapp/
shared/
images
releases/
20120613000000
20120601000000
...
current (symlink to one of the releases)
When you deploy, you symlink public/images to shared/images and so your images always get stored in a non release dependant location.
I would encourage you to use something like s3: you'll make things a lot easier for when you want to host the app on multiple instances.
I was hoping you folks could recommend a "best practice" for source controlling binary assets for a Rails site in git.
My main concern is that as we work on the site, constantly adding and removing 500kb+ images from our git repo, the repo will eventually get pretty fat and unwieldy and we'll either have to manually remove those images from history (prone to disaster, as far as I can tell) or put up with a long initial download and extra wasted space on disk.
What are some alternatives for separating the app's logic from the assets? Git submodules? Anything else?
Thanks!
It seems this is pretty well covered elsewhere on SO and elsewhere. A start (after 5 seconds of searching):
On how binary files are tracked: http://osdir.com/ml/git/2009-04/msg01221.html
Seemingly relevant: Managing large binary files with git
If you're really seeing bloat in your repo and are wanting to keep the main rails app repo free of this, you can look into git submodules - all changes to the images would be kept within a separate assets (for example) repo, keeping your main repo free of incurred bloat.
Add the images folder to your .gitignore file. e.g.
/app/assets/images/*
For every project it's like having two parts: the Rails application and then all documents and pictures related to it.
I wonder how you organize them both.
Do you put everything under the same project root folder and apply Git on that folder or don't you protect your documents with Git at all?
Then, what if the docs are too sensitive or only for owners of that project. Then I probably should't have it under the same folder right?
How have you structured both your Rails code and belonging business documents?
Share your solutions!
If you're deploying with capistrano, as a lot of Rails apps are, the standard solution seems to be to keep these sorts of assets within the shared folder, and then get cap to symlink them into the application at the point of deploy.