Securing API Credentials in a Rails Project
In this lesson, we are going to learn how to secure our API credentials using the Figaro Ruby gem.

In this lesson, we are going to learn how to secure our API credentials.

Start out by going to your console and typing figaro install. This command creates a file called application.yml inside the config directory.


It also appends to the `.gitignore` file. You will have this file only if you have initialized a Git repository on your system.

If you go to application.yml, this is what you'll see:


If you have a Git repository for the app, then you can go to the .gitignore file, and this is what it looks like:


The last two lines tell Git not to track the application.yml file, so it is never sent to GitHub, which prevents hackers from getting your login credentials. Typically, hackers have something called scrapers set up on the web, specifically on sites like GitHub, so if anyone uploads a file with their credentials, hackers will use those credentials to put their own things on the web. In the case of AWS, for example, what they put up can span thousands of servers, but it will be charged against your account. So, you want to be really careful about securing these credentials.

Now, we will be going into our application.yml file to put in our credentials. For AWS credentials, type:

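AWS_ACCESS_KEY_ID: ""        # shared by every environment
AWS_SECRET_ACCESS_KEY: ""    # shared by every environment
development:
  AWS_BUCKET: ""             # bucket used in development
production:
  AWS_BUCKET: ""             # bucket used in production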

In the first two lines, I'm putting in my AWS authentication credentials. You can find this information when you log in to your account through the web browser. In the remaining lines, I'm giving the name of the bucket into which my files should go in the development and production environments. It's usually a good idea to keep the buckets separate for each environment.
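To check a setup like the one above before committing, here is an added example (not code from the original lesson or from the Figaro project). It audits an application.yml in the layout shown and the matching .gitignore; the sample values, the function names, and the merge order (an environment section overriding a shared key) are assumptions made for illustration.

```ruby
require "yaml"

# Constructed sample inputs: placeholder values, not real credentials.
SAMPLE_YML = <<~YAML
  AWS_ACCESS_KEY_ID: "example-access-key-id"
  AWS_SECRET_ACCESS_KEY: ""
  development:
    AWS_BUCKET: "myapp-files"
  production:
    AWS_BUCKET: "myapp-files"
YAML
SAMPLE_GITIGNORE = "/log/*\n/tmp/*\n\n# Ignore application configuration\n/config/application.yml\n"

REQUIRED_KEYS = %w[AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_BUCKET].freeze

# Shared top-level keys plus one environment's section (assumed merge order:
# the environment section wins over a shared key of the same name).
def settings_for(config, env)
  shared = config.reject { |_key, value| value.is_a?(Hash) }
  shared.merge(config[env] || {})
end

# Simplified check: looks only for a literal entry, not glob or "!" rules.
def ignored?(gitignore_text, path = "config/application.yml")
  gitignore_text.each_line.any? { |line| line.strip.delete_prefix("/") == path }
end

# Returns a list of human-readable problems; an empty list means the file passes.
def audit(yml_text, gitignore_text, envs = %w[development production])
  config = YAML.safe_load(yml_text) || {}
  problems = []
  problems << "config/application.yml is not listed in .gitignore" unless ignored?(gitignore_text)
  envs.each do |env|
    settings = settings_for(config, env)
    REQUIRED_KEYS.each do |key|
      problems << "#{env}: #{key} is missing or empty" if settings[key].to_s.strip.empty?
    end
  end
  buckets = envs.map { |env| settings_for(config, env)["AWS_BUCKET"].to_s }.reject(&:empty?)
  problems << "environments share an AWS_BUCKET" if buckets.uniq.size < buckets.size
  problems
end

puts audit(SAMPLE_YML, SAMPLE_GITIGNORE) if __FILE__ == $PROGRAM_NAME
```

On the constructed sample it reports the empty secret key in both environments and the shared bucket. To audit a real project, pass File.read("config/application.yml") and File.read(".gitignore") to audit.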

So, that's how you secure your credentials in Rails. In the next few lessons you'll see how you can call these environment variables throughout the application.