Rails App in Dropbox - ruby-on-rails

I would like to back up my Rails app using a private git repo. I've decided to use Dropbox, but I've already deployed to Heroku and set up DNS for a custom domain name without backing up, and I would hate for something to go wrong by transferring my project.
Does anyone have experience with this or knows if something will go wrong? Should I reconfigure any files before transferring to a private dropbox folder?

Heroku's addons (i.e. custom domain) configurations are located on their server, not on your computer. Typically configs appear in ENV variables. Type heroku config to see what you have.
So yes, you are free to copy your code anywhere you like, and be sure to copy your dotfiles as well.
Personally, I use github for my code backups.

Bitbucket now has private git repos. Unfuddle had them for a while too. These are all free, BTW.

In short - don't reconfigure or set up anything - have fun with some coding instead :)
If you just want your repo to stay safely in the "cloud" then:
Bundle (for git or mercurial)
Gmail the bundle to yourself as a reply to the same "pull" message. Or, in case you have a fellow coder, gmail it to him/her. Double backup.
Done and forgotten. There is plenty of room in your Gmail inbox and sent items for the source code of several projects.
IMHO it is:
fast
platform-neutral
shareable via smart-phone within 5 minutes maximum
pull/push/work anywhere
secure
easy
a natural habit

Related

How do I know which git revision unicorn/rails has currently loaded into memory?

I am debugging a problem where I experience unicorn not picking up code changes on deploys when I use the master re-spawn procedure for upgrading. I need a way to ask unicorn/my rails app which code revision is currently in memory - but I'm unsure how I would do that?
It depends on how you deploy your application. When you deploy does it get deployed with the .git directory in place and intact? That's not a recommended practice. (because if your server is compromised you don't want potentially sensitive or private information stored on that server, like what might be found in git data) And are git binaries installed on the system? Which again is not a recommended practice because deployed apps shouldn't have applications on them that attackers can leverage to pull down their own malicious code.
If both are present then you can use https://github.com/ruby-git/ruby-git, or more simply https://github.com/NARKOZ/git-revision, and then surface that somewhere in your application. (like a health check endpoint, or in headers) This would all be custom code that you have to write that is dependent on your application.
A better practice would be to inject a static value into your application when it is deployed. Your CI/CD pipeline would clone the repo, get the current revision, then store this in your application in a static file before it ships it, and then the app would serve up this file on demand. (or load it into memory on boot) This has the added benefit of not bloating your application with more gems and binaries that are not technically required and increase your attack surface.
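The revision-file approach described in that answer, as an added example that is not code from the question or the answers: a deploy-side step writes the commit SHA into a static file, and the app reads it once at boot and exposes it on a health endpoint. The file name REVISION, the /health path and the plain Rack-style call(env) interface are assumptions for this example; the deployed app needs neither a .git directory nor a git binary.

```ruby
# Added example (not from the thread above): record the git revision at deploy
# time in a static file, and serve it from a minimal Rack-compatible endpoint.
require "json"
require "time"
require "tmpdir"

# Deploy/CI side: the build checkout knows the revision (normally from
# `git rev-parse HEAD`); it is passed in here so the app ships without git.
def write_revision_file(app_root, revision)
  revision = revision.strip
  raise ArgumentError, "not a git commit SHA" unless revision.match?(/\A\h{7,40}\z/)
  path = File.join(app_root, "REVISION") # assumed file name
  File.write(path, revision + "\n")
  path
end

# App side: read the file once at boot and keep it in memory, so a worker that
# was never restarted keeps reporting the revision it actually booted with.
class RevisionInfo
  attr_reader :revision, :booted_at

  def initialize(app_root)
    path = File.join(app_root, "REVISION")
    @revision = File.exist?(path) ? File.read(path).strip : "unknown"
    @booted_at = Time.now.utc
  end
end

# Minimal Rack app: GET /health returns the revision plus the worker pid and
# boot time, so a stale unicorn worker can be spotted by hitting it repeatedly.
class HealthApp
  def initialize(info)
    @info = info
  end

  def call(env)
    unless env["PATH_INFO"] == "/health"
      return [404, {"Content-Type" => "text/plain"}, ["not found"]]
    end
    body = JSON.generate({
      revision: @info.revision,
      pid: Process.pid,
      booted_at: @info.booted_at.iso8601,
    })
    [200, {"Content-Type" => "application/json", "X-App-Revision" => @info.revision}, [body]]
  end
end

# Demo: simulate a deploy into a temp directory, boot the app, call the endpoint.
def demo
  Dir.mktmpdir do |root|
    sha = "0123456789abcdef0123456789abcdef01234567" # constructed placeholder SHA
    write_revision_file(root, sha)
    app = HealthApp.new(RevisionInfo.new(root))
    status, headers, body = app.call("PATH_INFO" => "/health")
    {
      status: status,
      header: headers["X-App-Revision"],
      body_revision: JSON.parse(body.first)["revision"],
      expected: sha,
    }
  end
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

In a real unicorn deployment RevisionInfo would be built once in config.ru (or an initializer) before workers fork; because each worker answers with its own pid, a health check that returns two different revisions across requests is direct evidence that the master re-spawn left an old worker behind.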

How can I store an encryption key outside version control in Ruby

I need to use encryption on private/personal user data. I am going to use the following encryption library.
RbNaCL
I need a way to store the KEY outside of version control so I can run the app locally. When pushing the code to our hosting company I can put the KEY in the server env variables. Just not sure how and the best way to do it locally.
I should note that all developers working on the project use the same database so we all need the same KEY for development and staging environment.
https://www.happybearsoftware.com/how-to-actually-do-a-cryptography-in-ruby
I think what you are asking is how to keep a .env out of version control while people collaborating on the repository still know what the environment variables are. Normally .env-sample (a dummy in which all variables are kept without values) is tracked, while .env is ignored (by adding it to .gitignore in the case of git).
Typically, secrets never get committed to repositories. Just put them in a config file (like config.yaml or secrets.xml or env.sh or similar); copy the file (to something like config.yaml.example or secrets-skel.xml or env.sh.sample); put the first one into .gitignore (or equivalent, if you're a non-Git heretic), and replace all the secrets in the second one with placeholders. Commit the second one so that everyone who checks out the project will know the format that they should have; but the secret one never touches the repository. If you need to share keys between developers, do it in another way (from IRC/Slack/Email to encrypted USB storage device, depending on how confidential the stuff is).
If you go with a YAML-ish kind of solution, in code you can try to find the file, and if it is absent then use the environment, or vice versa - look up the environment, and if no variable is there look for the config file to read from (and possibly even stuff it into ENV so you don't need another config object; you might do it in config/application.rb or the like). If you go with an env.sh kind of approach, you can declare environment variables directly; when you need to start developing, you can source env.sh (or shorter . env.sh) to set them up.
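The ENV-first, file-fallback scheme from the two answers above, as an added example (not code from the question, the answers, or RbNaCl): it parses an env.sh/.env style file, validates the result against the committed sample file, checks that the real file is in .gitignore, and decodes the hex key while checking its length. The file names .env and .env.sample, the variable names and the placeholder key are assumptions constructed for this example; the 32-byte key size is the crypto_secretbox key length that RbNaCl::SecretBox uses.

```ruby
# Added example (not from the thread above): load secrets from ENV first, fall
# back to a git-ignored .env file, validate against the committed .env.sample.
require "tmpdir"

# Parse lines like `export KEY='value'`, `KEY="value"` or `KEY=value`;
# comments and blank lines are skipped. Returns a Hash and does not touch ENV.
def parse_env_file(path)
  vars = {}
  File.foreach(path) do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?("#")
    line = line.sub(/\Aexport\s+/, "")
    key, value = line.split("=", 2)
    next if key.nil? || value.nil?
    key = key.strip
    next unless key.match?(/\A[A-Z_][A-Z0-9_]*\z/)
    value = value.strip
    if value.length >= 2 && (value[0] == "'" || value[0] == '"') && value[-1] == value[0]
      value = value[1..-2]
    end
    vars[key] = value
  end
  vars
end

# The sample file defines which keys are required; the environment wins
# (production sets real vars) and the local file only fills the gaps.
def load_secrets(env, env_file:, sample_file:)
  file_vars = File.exist?(env_file) ? parse_env_file(env_file) : {}
  required = parse_env_file(sample_file).keys
  resolved = {}
  missing = []
  required.each do |key|
    value = env[key] || file_vars[key]
    if value.nil? || value.empty?
      missing << key
    else
      resolved[key] = value
    end
  end
  raise "missing secrets: #{missing.join(', ')}" unless missing.empty?
  resolved
end

# RbNaCl::SecretBox keys are 32 raw bytes; stored hex-encoded that is 64 chars.
SECRETBOX_KEYBYTES = 32
def decode_secretbox_key(hex)
  unless hex.match?(/\A\h{#{SECRETBOX_KEYBYTES * 2}}\z/)
    raise ArgumentError, "key must be #{SECRETBOX_KEYBYTES * 2} hex characters"
  end
  [hex].pack("H*")
end

# The real file must be listed in .gitignore; the sample must not be.
def gitignored?(gitignore_path, file_name)
  File.exist?(gitignore_path) &&
    File.readlines(gitignore_path, chomp: true).any? { |l| l.strip == file_name }
end

# Demo on a constructed temp project; the key value is a placeholder, not a secret.
def demo
  Dir.mktmpdir do |dir|
    sample = File.join(dir, ".env.sample")
    real = File.join(dir, ".env")
    File.write(sample, "# copy to .env and fill in the values\nENCRYPTION_KEY=\nDATABASE_URL=\n")
    File.write(real, "export ENCRYPTION_KEY='#{'ab' * 32}'\nDATABASE_URL=\"postgres://localhost/dev\"\n")
    File.write(File.join(dir, ".gitignore"), ".env\n")

    local = load_secrets({}, env_file: real, sample_file: sample)
    key = decode_secretbox_key(local["ENCRYPTION_KEY"])
    # On the hosting platform the real variables are set in the environment and take precedence.
    prod_env = {"ENCRYPTION_KEY" => "cd" * 32, "DATABASE_URL" => "postgres://db/prod"}
    prod = load_secrets(prod_env, env_file: real, sample_file: sample)
    {
      local_db: local["DATABASE_URL"],
      key_bytes: key.bytesize,
      prod_key_from_env: prod["ENCRYPTION_KEY"] == "cd" * 32,
      env_ignored: gitignored?(File.join(dir, ".gitignore"), ".env"),
      sample_ignored: gitignored?(File.join(dir, ".gitignore"), ".env.sample"),
    }
  end
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

Failing fast on a missing or wrongly sized key at boot is the useful part: a key that is silently absent in one environment tends to surface later as data that one deployment can no longer decrypt.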
I should note that all developers working on the project use the same database so we all need the same KEY for development and staging environment.
Store the key, and any other shared secrets, in a secure shared vault. Many password managers provide shared vaults, such as 1Password or LastPass.
Then each developer can copy the key from the shared vault and set it in their development environment.

Is it safe to include AWS Cognito Identity Pool ID when pushing to github

I am making an app that will use AWS services as backend. I want to push the code to github. I know that I shouldn't push any code with credentials embedded.
After reading this article https://mobile.awsblog.com/post/Tx2XEKZCNBM7U64/How-Amazon-Cognito-Keeps-Mobile-App-Users-Data-Safe I think it should be safe to have the IdentityPoolID in the source code. I searched github and I've seen many files with the ID included in them. Is there anything that can be done with the ID that compromises my AWS account? Should I just create .h files and add that file to .gitignore?
It is safe in the sense that nobody can steal your identity (your AWS account details, access keys and secret keys). But developers who download your app from GitHub and run it will access your AWS services via Cognito. Your account will be charged for that. And of course you should take care which other AWS privileges are associated with the Cognito roles. I have an AWS open source project on GitHub and I don't publish any AWS identifiers at all.
You can never be sure if it is safe to commit this to GitHub, but I'd like to raise another concern. When you open source an application, you ideally want someone else to be able to obtain a copy and install it to match their needs. That means there shouldn't be any configuration parts for your setup, but there should be a general file with example strings.
That being said, I recommend you do the .gitignore solution and add -f a default .h file.

developing several projects locally: How to configure environment variables

Let's say I am developing 2 applications for 2 different clients which are using 2 different database configurations.
When using OpenShift and CakePHP it is considered good practice to not store the real connection info in the configs, but instead to use environment variables.
That way the GIT-Repo is also always clean of server-specific stuff.
That is all fine as long as I have ONE project but as soon as there is another one, I need to override my local env-vars according to the current project.
Is there any way to avoid this? Is it possible to set up env-vars on my local machine per directory or something like that?
I am running OSX with Mamp Pro.
This may not be the best solution, but it would work. Create a different user on your local machine and then change to that other user when you need to access those other environment variables.
I create a 'data' directory in my git repo and set it to ignore. This way anything in there will be saved in the repo and sent to openshift. I place a config.ini file with all the info that I don't want in my repo.
I then manually put that config.ini file in OpenShift's persistent DATA directory by using WinSCP. You only have to do this when you change your config.ini.
When my app runs it detects if it's local or on Openshift and loads the config.ini file from the correct directory.
I would be interested if somebody has a better idea.
HTH

What is the proper way to handle Oauth Consumer Key and Secret in Rails?

I have a Rails application that connects to Facebook using OAuth. What I'm looking for is a full description of how to handle the OAuth key and secret I get from Facebook.
Where to store them?
How to store them there? I saw an answer saying it should be an env variable, but I'm looking for specifics: How do I add them to env? Manually? A script? What script? Where should it be? What about source control? What about production?
Any other details that I should know in order to implement the solution in dev, test and production.
I've seen some variants of this question, but never with a complete and detailed answer.
I'm really looking for the overall flow, but also need all the small details that may look trivial but are important to understand this.
You'll want to store your secret keys and environment-specific configuration outside of your code. You should store these in a way that would allow you to publish your source code in a public repository on, say github, without ignoring any files in source control. This is a principle of the Twelve-Factor Methodology.
Anyway, to answer your question, you could add these keys as shell variables. This assumes you are developing on *nix.
$ echo "export OAUTH_SECRET='kie92j8fKEHHE92Va1njk3'" >> ~/.bash_profile
Now in your Rails code, you have access to all your environment variables:
ENV["OAUTH_SECRET"]
These environment variables can be set in a deploy script that prompts you for them on the command line. This also allows each developer on your team to have his or her own keys.
Most people create their own config.yml. It is very easy to do. Here is a detailed description for creating config.yml