Application confidential data and Rails credentials
Sometimes when we work in any application, we use confidential data in our application. Like Password,
or secrate keys
. We have to securly store those information inside our application, so that no data breach occure.
In case of ruby on rails, we can handle these datas in a secure way with rails credentials
.
There are two way, by which we can store and use these datas in our application,
- one is directly add those data into the application.
- another way is we can generate secure credentials with a master key.
Lets asume that we are going to use Aws bucket in our app, so have to store the
access key id
secret access key
Bucket name
Region Name
So we are going o store these data through the master key in rails app. lets hop-into termainal and go inside the rails application folder. and type the following command to open the credential file in your favourite editor. in my case i am using vim to open the file.
EDITOR=vim rails credentials:edit
with the bracket is my editor name, if you want to open this file in vs code or some other editor use the following command.
EDITOR="code --wait" rails credentials:edit
This will open the credential file. as follows This is the file where we have to put all of the credentials, Add your credentials according to your need.
After adding all of those credentials, save the file.
If success you will get a message on your terminal like as follows.
File encrypted and saved.
And it all done.
We can check the aws region that we plce inside our credentials using the rails console.
type rails c
to open rails console and type the following.
Rails.application.credentials.aws[:region]
This will show use the region that we place inside our credential.
=> "REGION_NAME"
Great.
Now we can use our credentials securely in our application as environment variable. here is a sample
s3_options = {#
bucket = Rails.application.credentials.aws[:bucket]
}
Great, all done.