What is the proper way to handle OAuth Consumer Key and Secret in Rails?

I have a Rails app that connects to Facebook using OAuth. I am looking for a complete description of how to handle the OAuth key and secret that I get from Facebook.

  • Where to store them?
  • How to store them there? I saw the answer saying that it should be an env variable, but I'm looking for specifics: how to add them to env? manually? script? what is the script? where should it be? how about source control? how about production?
  • Any other details I need to know in order to implement the solution in dev, test and production.

I saw several variations of this question, but never with a complete and detailed answer.

I'm really looking for a common thread, but also need all the little details that may seem trivial but are important to understanding this.

+4
2 answers

You will want to keep the secret keys and environment-specific configuration out of your code. You must store them in such a way that you can publish the source code in a public repository, such as GitHub, without ignoring any files in the source control. This is the principle of the twelve-factor methodology.

In any case, to answer your question, you can add these keys as shell variables. This assumes that you are developing on *nix.

$ echo "export OAUTH_SECRET='kie92j8fKEHHE92Va1njk3'" >> ~/.bash_profile 

Now in your Rails code, you have access to all environment variables:

 ENV["OAUTH_SECRET"] 

These environment variables can be set in a deployment script that requests them on the command line. It also allows each developer in your team to have their own keys.

+5
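
Added example, not part of the answer above: one way to read the credentials from the environment at boot, failing fast when one is unset and keeping the secret out of logs. `OAUTH_SECRET` is the variable named in the answer; `OAUTH_KEY`, the class name and the initializer path in the comment are assumptions.

```ruby
# Added example. OAUTH_KEY and OAuthCredentials are assumed names.
class OAuthCredentials
  REQUIRED = %w[OAUTH_KEY OAUTH_SECRET].freeze

  class MissingError < StandardError; end

  attr_reader :key, :secret

  # env is injectable so tests can pass a plain Hash instead of the real ENV.
  def self.load(env = ENV)
    missing = REQUIRED.select { |name| env[name].to_s.strip.empty? }
    unless missing.empty?
      # Report variable names only; never echo values into logs or error trackers.
      raise MissingError, "missing environment variables: #{missing.join(', ')}"
    end
    new(env["OAUTH_KEY"], env["OAUTH_SECRET"])
  end

  def initialize(key, secret)
    @key = key.dup.freeze
    @secret = secret.dup.freeze
  end

  # Rails consoles, loggers and exception pages call inspect/to_s on objects,
  # so the secret is redacted and only a short key prefix is shown.
  def inspect
    "#<OAuthCredentials key=#{mask(@key)} secret=[REDACTED]>"
  end
  alias to_s inspect

  private

  def mask(value)
    value.length <= 4 ? "****" : "#{value[0, 4]}****"
  end
end

# Typical use, e.g. in config/initializers/oauth.rb (hypothetical path):
#   OAUTH = OAuthCredentials.load
```

Because `load` raises at boot, a deploy with an unset variable stops immediately instead of failing on the first Facebook login.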

Most people create their own config.yml. It is very easy to do. Here is a detailed description for creating config.yml

0