- Read Tutorial
- Watch Guide Video
When it comes to API credentials, it's absolutely important to secure your login data. Let me give you an example of why this is important.
Last year, I had a junior developer who was working with me on a project and he pushed up a file containing my AWS credentials to a public repository. Within two hours, I got a call from Amazon to tell me that I've incurred almost $18,000 in two hours on my AWS account. This happens because hackers have scripts on sites like github that constantly look for such accidental uploads of AWS credentials. To avoid paying hefty amounts due to hackers using your account, make sure you secure your credentials always.
Now, going back to our Twilio site, log into it if you already have an account. Otherwise, create a free account. When you log in, you'll be taken to this page.
You can see a link to view your API credentials on the right hand top corner of the page. Click on this to get your credentials. Also, feel free to browse through the site and add a phone number if you don't already have one.
Now, we are going to protect these credentials with a gem called dotenv-rails
. Copy this code to your gemfile
:
# Gemfile gem 'dotenv-rails' , :groups => [:development, :test]
Next, run bundle
on your console, and this will install the dotenv-rails
library.
Then, create a file called .env
and place it at the root of your application. This is where you'll put all your credentials. Before going any further, put this .env
file in .gitignore
file as this will ensure that your .env
file is not uploaded to github. The gitignore
file is automatically created by github and it gives you the option to avoid uploading certain files.
This is how the gitignore
file should look after you add /.env
:
# See https://help.github.com/articles/ignoring-files for more about ignoring files. # # If you find yourself ignoring temporary files generated by your text editor # or operating system, you probably want to add a global ignore instead: # git config --global core.excludesfile '~/.gitignore_global' # Ignore bundler config. /.bundle # Ignore all logfiles and tempfiles. /log/* !/log/.keep /tmp /.env
To verify that this is working, run git status
and this will show that we have made changes to the gitignore
, gemfile
and gemfile.lock
files, but it won't show any information about the .env
file, and this is exactly what we want.
Now, open your .env
file and add your Twilio credentials like this:
TWILIO_ACCOUNT_SID=YOURACCOUNTSID TWILIO_AUTH_TOKEN=YOURAUTHTOKEN TWILIO_PHONE_NUMBER=+1YOURPHONE
You can also have different names for these variables. But, make sure your phone number is correct. It should start with "+1" if you're in the US, and your respective country code if you're elsewhere. Also, this number should be the one associated with your Twilio account.
You can test this on your rails console. Type ENV
followed by any variable and it should return the value, just like this:
If you run into any problems, it could possibly be due to something called Spring
. If you open your Gemfile
, you'll see a gem called Spring
in the development group.
Essentially, this gem helps your development environment to load and perform faster, but sometimes it can also cause ENV
variables to not appear. So, if you have any problem, stop spring with the command spring stop
, and this should solve your problem.