I have a Heroku-hosted Sinatra app for which I need to enable Rack::Protection::AuthenticityToken. To this end, I need to set up an environment variable to enable session cookies:
use Rack::Session::Cookie, secret: ENV['MY_APP_SECRET']
I need the cookies to work both on localhost and on Heroku. Given that it's bad practice to hard-code the variable in one's config.ru like this:
use Rack::Session::Cookie, secret: 123qwerty
...do I set the variable in my local .bash_profile using this syntax:
export MY_APP_SECRET=123qwerty
...or do I set it on the Heroku CLI with:
heroku config:set MY_APP_SECRET=123qwerty ?
You'll need to set the environment variable for both local development and for Heroku. For local development, you could set it in your .bash_profile, but that would make it available to every process in your shell. Instead you could set it whenever you run your local server like this:
MY_APP_SECRET=123qwerty shotgun config.ru
A better alternative, IMO, is to use a tool like the dotenv Ruby gem to manage environment variables.
Either way, you still need to set the variable for the Heroku environment using the heroku config:set command.
Related
How do I create a group of environment variables that can be used both locally in development and on Heroku using Rails 6?
There are many different ways to configure environment variables, and people have many different preferences.
Personally, for my local development, I typically use the dotenv gem. I'll git-ignore .env, but I'll add a .env.example with all the vars I need stubbed out.
Then in my local checkout(s), I'll cp .env.example .env, and I will edit that .env file for all of my local configuration.
dotenv-rails includes a railtie to load environment variables from the .env file if they have not already been supplied as real env vars.
When I deploy to Heroku, I just use the Heroku console or GUI to set up my environment variables there.
Rails credentials work great and they don't require any extra gems and keep all your app secrets in one location.
EDITOR=vim rails credentials:edit
You can access any variable you set in this encrypted file by Rails.application.credentials.name_of_key. Typically, your .gitignore file will exclude the master.key file, so to make it accessible on a cloud provider, you'd provide the single key as an environment variable for decryption.
I set environment variable port for heroku but later I read that heroku set this it self ,port is also not shown in environment variable in advanced system settings but shown in command line when i enter SET or ENV how can i remove that?
Because my heroku app is not running?
If you have manually set the Heroku PORT env var, you need to unset it. It is dynamically set by Heroku at build time.
heroku config:unset PORT
https://devcenter.heroku.com/articles/config-vars
I'm having some issues with SECRET_KEY_BASE setting on our production Ubuntu server with Unicorn and nginx. I added the variable to .bashrc and its reading fine when I try echo $SECRET_KEY_BASE, but for some reason I'm getting the following error:
app error: Missing `secret_key_base` for 'production' environment, set this value in `config/secrets.yml` (RuntimeError)
Also, when I try to access the variable with ENV["SECRET_KEY_BASE"] from within the console in production environment, I can read it fine.
I tried restarting Unicorn and server and it doesn't help. Any idea why this is happening?
You may need to add the variables to the unicorn.conf file, since it seems you are launching Unicorn with a different user or without sourcing your .bashrc.
In any case, I suggest you use dotenv gem to store your env variables in a .env file within your project. That is the cleanest way I know. If you need to have capistrano integration and handle all the different environments with ease, you can also use dotenv-deployment gem.
I uploaded a Sinatra app to the server (heroku). But it seems like the app acts itself like it's at a localhost unlike my another Rails app which works well there.
So how do I check if my Sinatra app uses the correct environment or not? And how does Sinatra know which environment to use?
By nature heroku will take care of setting the environment. By default it's "production". In case you have different config/behavior for different use case, you would have to code that first.
For example
if ENV=="production"
# do something
elsif ENV=="staging"
# do something else
end
I am not sure why would you want to set environment explicitly to "production" or something else. That should be left at discretion of hosting environment.
Update
More info on Heroku documentation
Further update
heroku run printenv
above should list environment variables.
I add an environment variable to all my heroku instances:
heroku config:add APP_NAME=<myappname>
Then, for Sinatra, I have the following in the config.ru:
# detect environments and setup some passwords
case ENV['APP_NAME']
when 'prod-damon'
# whatever for production
when 'dev-damon'
# whatever for development on Heroku
else
# whatever for local
end
I want to set MONGOHQ_URL in my sinatra app in order to be able to do this:
uri = URI.parse(ENV['MONGOHQ_URL'])
How do I setup the MONGOHQ_URL?
on Windows: set MONGOHQ_URL=test
on Unix (bash): export MONGOHQ_URL=test
on Unix (csh): setenv MONGOHQ_URL test
In order for your environment variables to always be available to your app, you will need to make sure they get exported whenever a new terminal session launches. It's common to put these in .bashrc for example
export MONGOHQ_URL=https://some.long.secure.url # for example
But for your local development purposes you might want to check out dotenv gem which allows you to store local environment variables in .env file in root of your project. For production, you should be able to Figaro with Sinatra, for more see answer to this question or see readme on the github repo
In general you should always make sure not to commit sensitive config information in your codebase so make sure to add any files like .env or config/application.yml to your .gitignore file.