Ruby hiding API keys and IP address? - ruby

I have a ruby script main.rb which takes in two parameters, ipaddress and apitoken.
$token = "VALUE"
$ip_addr = "ADDRESS"
These values are hard coded into the script. When I push the project into Github's repo, I get a warning that my keys are visible.
What is the recommended way to hide these variables? Is it as simple as adding a separate file for these values and adding them to .gitignore?

Personally, I don't like using open and file operations in code. Better way would be to use one of the following approaches,
Put the keys in system environment as follows,
export MY_TOKEN=xyz
export MY_IP_ADDR=a.b.c.d
If you want it to be available after you restart shell, then put it in ~/.bash_profile.
and in your code use as follows,
$token = ENV["MY_TOKEN"]
$ip_addr = ENV["MY_IP_ADDR"]
OR
You can use dotenv gem, if you don't want system wide environment variables and exclude .env from git but putting the file in .gitignore.

Following this guide, a simple way to do this is to create folders .auth_token and .ip_addr.
Add the necessary keys in them and access them by reading the files as follows:
$token = open("lib/assets/.auth_token").read()
$ip_addr = open("lib/assets/.ip_addr").read()
If pushing to a repository, make sure the folders are added to .gitignore

Related

Store an API_KEY in an env var and use in a playlist URL

I use a streaming service (di.fm) that has many channels. Each channel has a playlist I stream from the CLI (using mpv). Each URL in each playlist stores the API KEY.
I want to store the API KEY outside of the individual playlists, so for example, if I change the API KEY, I don't have to change every playlist.
I'm on a Mac.
1) What is the best (safest) place to declare export DI_KEY=""? In .bashrc was my first thought, except I back it up to github. Any other better place to declare the env var that will be created each time I enter bash?
2) In the playlist file, how do I use the $DI_KEY in the URL?
[playlist]
NumberOfEntries=1
File1=http://prem4.di.fm:80/00sclubhits?$DI_KEY
Title1=DI.FM - 00s Club Hits
Length1=0
Version=2
Just referencing it directly doesn't work.
I'm sure this may be answered elsewhere, but in all my searching I couldn't find any helpful answers, particularly to questions 2.
Regarding setting env variables outside of .bashrc, you could create a separate file to define sensitive variables and source this from within your .bashrc.
For example, create a file ~.my-private-variables, add the filename to your .gitignore and add the line export DI_KEY="12345" to this file. Then add the following block in .bashrc:
if [ -f ~/.my-private-variables ]; then
. ~/.my-private-variables
fi
Regarding the playlist file, bash is not running the file, so the environment variable is not expanded.
You could dynamically generate the playlist when bash starts, something like this:
#!/bin/bash
filename=playlist-1.pls
baseurl=http://prem4.di.fm:80
cat << EOF > $filename
[playlist]
NumberOfEntries=1
File1=${baseurl}/00sclubhits?${DI_KEY}
Title1=DI.FM - 00s Club Hits
Length1=0
Version=2
EOF
This will expand the variable and write it to the file, in this case playlist-1.pls in the current working directory. You might add an absolute path to the filename variable that references your playlists directory.
To run this, you could create a script called playlist-generator and source this in .bashrc as described above. You could add as many playlists as you like here.

Is there any way to use dotenv with Bitbucket Pipelines?

As the title says, is there any way to use dotenv with Bitbucket Pipelines for CI purposes, while still adding the (perhaps multiple) (.stage).env to .gitignore?
I know Pipeline supports environment variables, and that they can be referenced in bitbucket-pipelines.yml, but I can't figure out how to use dotenv files instead, and vary which file to use based on i.e. branch patterns.
For example, I'd like commits to develop to use .test.env variables, while commits to master instead uses the variables from .prod.env.
Perhaps I'm going down the wrong path? Although other websites use examples of multiple .env files, the library authors discourage that approach. I'm using Zeit Now for hosting, so I can't just SSH a .env file onto the server.
Any advice is very welcome :-)
Create a base64 string out of your .env file. Then copy this string into your environment variables of your pipeline, see here: https://confluence.atlassian.com/bitbucket/environment-variables-794502608.html
For example, your content is now defined in APP_ENV, then you can use this line in your pipeline configuration file:
echo $APP_ENV | base64 --decode --ignore-garbage > ./www/.env
Now it is save because nobody knows your secrets in this file except your pipeline container itself.
This method could be used for all .env-files, also staging files. :)
Rename the files inside your develop pipelines:
mv .test.env .env
or in your master pipelines:
mv .prod.env .env

Use multiple env files

I'm wondering if there's a way in Laravel to specify a set of env files to load. My exact problem is I want to add something like a suffix to all my .js and .css resources. Ideally I'd have a suffix like the release date because it would be ok for these files to be cached within the same release but I would like the caches to be invalidated on the next release. However I want to avoid reading, modifying and saving the .env file if possible and would instead prefer to create a new file e.g. .env.rdate which would be generated via a script, e.g.
echo APP_RELEASE_DATE=`date +%s` > env.rdate
or something like this. Is this at all possible or do I have to read/update/write the .env file instead?
Create your .env.rdate file next to .env file.
Put this to your AppServiceProvider boot method:
$dotenv = new \Dotenv\Dotenv(base_path(),'.env.rdate');
$dotenv->overload();
After you can use in your project:
ENV('APP_RELEASE_DATE')

Reduce file path when calling a file from terminal

I'm using Lua in interactive mode on a Mac (thanks to rudix.org).
When I want to load a file I do:
dofile("/my/long/path/to/my/directory/file.lua")
I want to do a different thing, that is:
put all my files in a desktop directory myDirectory;
then call the file from the terminal this way dofile("file.lua");
Is this possible? How?
If the path is fixed, you can just redefine dofile:
local _dofile=dofile
local path=("/my/long/path/to/my/directory/")
function dofile(x)
return _dofile(path..x)
end
You may put this (and other initializations) in a file and set the environment variable LUA_INIT to its location. After this, every invocation of lua will see the version of dofile redefined above and the users will be able to say simply dofile("foo.lua").
Alternatively, you can use require, which looks for modules in a list of paths in package.path or LUA_PATH.

Laravel 5 doesn't read values from dot ENV files

I don't know if this question is relevant or not. LARAVEL 5 is still in developmental phase. I have pulled LARAVEL 5 after watching one of the Laracast video about new features in LARAVEL 5. I couldn't resist to wait for its formal release.
I named the local environment dot file as .env.local.php. But for some reason I am unable to get the the values from this dot file when using $_ENV['KEY'].
I am quite sure that I have configured the environment correctly. When doing $app->environment() shows the correct environment. Has it been changed in LARAVEL 5 the way we get the values from dot files or am I missing something ?
By default in environment.php file you have something like that:
if (file_exists(__DIR__.'/../.env'))
{
Dotenv::load(__DIR__.'/../');
}
so only .env file is being read (notice .env not .env.php - so you should rename your file - or you can add as 2nd parameter file name .env.php if you want). Any other environment files (.local.env) are not being read by default - you will need to load them manually.
If you don't have such code by default, you should probably update/install Laravel 5 again (changes appear very often)
Now, I don't know what method you use, but you can put in your .env file also your environment name in for example APP_ENV variable, create .local.env file with content you want and then you could use in environment.php file:
if (file_exists(__DIR__.'/../.env'))
{
Dotenv::load(__DIR__.'/../');
if (getenv('APP_ENV') && file_exists(__DIR__.'/../.' .getenv('APP_ENV') .'.env')) {
echo "loading";
Dotenv::load(__DIR__ . '/../', '.' . getenv('APP_ENV') . '.env');
}
}
If you don't want to do it this way, you can probably change the other and load env file you want based on $env assuming you use PC based environment detection.
If it's unclear you can also look at What's the correct way to set ENV variables in Laravel 5?

Resources