Handle Secrets With Environment Variables

Enables deploying directly from the public repo securely, so long as you specify the RAILS_SECRET_TOKEN environment variable on the target app servers. The development and test secret tokens are obviously garbage, but will do for local testing.
amazon-archives · Aug 20, 2014 · 7c215ab · 7c215ab
1 parent 67a0f4b
commit 7c215ab
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 4 deletions.
diff --git a/.gitignore b/.gitignore
@@ -13,7 +13,4 @@
 
 # Ignore all logfiles and tempfiles.
 /log/*.log
-/tmp
-
-# Do not include secrets.
-/config/secrets.yml
+/tmp
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -49,6 +49,7 @@ GEM
       railties (>= 3.0, < 5.0)
       thor (>= 0.14, < 2.0)
     json (1.8.1)
+    kgio (2.9.2)
     libv8 (3.16.14.3)
     mail (2.5.4)
       mime-types (~> 1.16)
@@ -76,6 +77,7 @@ GEM
       activesupport (= 4.1.1)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
+    raindrops (0.13.0)
     rake (10.3.2)
     rdoc (4.1.1)
       json (~> 1.4)
@@ -116,6 +118,10 @@ GEM
     uglifier (2.5.0)
       execjs (>= 0.3.0)
       json (>= 1.8.0)
+    unicorn (4.8.3)
+      kgio (~> 2.6)
+      rack
+      raindrops (~> 0.7)
 
 PLATFORMS
   ruby
@@ -134,3 +140,4 @@ DEPENDENCIES
   therubyracer
   turbolinks
   uglifier (>= 1.3.0)
+  unicorn
diff --git a/config/secrets.yml b/config/secrets.yml
@@ -0,0 +1,8 @@
+development:
+  secret_key_base: 'devdevdevdevdevdevdevdevdevdev'
+
+test:
+  secret_key_base: 'testtesttesttesttesttesttesttest'
+
+production:
+  secret_key_base: ENV['RAILS_SECRET_TOKEN']