Where to store the administrator password in a Sinatra + Heroku application?

I have a small Sinatra application that I run on Heroku that uses a single admin password, as well as an API authentication key pair.

Where is the best place to store these things? Do I put them in environment variables with

 heroku config:add ADMIN_PASSWORD=foobar

or do I use a configuration file that contains them and simply not commit that file?

+7
1 answer

I put API keys and things like that in a config YAML like

 development:
   twitter_api_key: stringstringstring
   chunky: bacon
 production:
   twitter_api_key: gnirtsgnirtsgnirts
   foo: bar

then use Sinatra's built-in configure block to load it:

 require 'sinatra'
 require 'yaml'

 configure do
   # settings.config is a custom setting holding the directory that contains config.yaml
   yaml = YAML.load_file(settings.config + "/config.yaml")[settings.environment.to_s]
   # expose each key of the current environment's section as a Sinatra setting
   yaml.each_pair do |key, value|
     set(key.to_sym, value)
   end
 end

And I can access them from the settings object. I am not sure why you would not commit the configuration file. There is no serious security risk, since only the paths that you have explicitly defined can be accessed via the Internet. I think the administrator password can be stored in the same way if you do not want to put it in the database, but I would at least encrypt it with a salt.

Just be careful not to step on Sinatra's own configuration settings when defining your own.

EDIT:

I think I just realized why you would prefer not to commit the configuration file. If you are working on an open source project, you certainly will not want to commit the configuration file to your open source repository, but you will need to commit the file to Heroku for it to work. If so, I would:

  • Use two separate local repositories: one for the open source project and one for the Heroku project. Just add the open source project as an upstream remote in the Heroku project, then you can pull in its changes.
  • Put both the API keys and the encrypted/salted password into the database; MongoHQ offers a free tier for Heroku users as an addon for easy NoSQL storage using MongoDB.
+12
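As an added example (not code from the question or the answer above), here is a loader that combines both approaches: it reads the per-environment section of a YAML document like the one in the answer, lets environment variables of the same name (the question's heroku config:add route) override it so the real secrets never have to be committed, and refuses to overwrite a setting Sinatra already defines, which is the "stepping on Sinatra's settings" problem the answer warns about. It also shows what "encrypt it with a salt" amounts to in practice: a salted PBKDF2 hash of the admin password from the Ruby standard library, so only the hash is stored. The sample YAML, the reserved-name list (a subset, not the full set) and the function names are assumptions for this example; nothing here requires the sinatra gem to run.

```ruby
require 'yaml'
require 'openssl'
require 'securerandom'

# Constructed sample config, mirroring the shape used in the answer.
SAMPLE_CONFIG_YAML = <<~YAML
  development:
    twitter_api_key: stringstringstring
    chunky: bacon
  production:
    twitter_api_key: gnirtsgnirtsgnirts
    foo: bar
YAML

# Assumption: a subset of Sinatra's built-in setting names. It is not
# exhaustive; check Sinatra::Base for the full list in your version.
SINATRA_RESERVED = %i[
  environment port bind server views public_folder root sessions
  session_secret logging static run app_file dump_errors raise_errors
  show_exceptions lock method_override reload_templates
].freeze

# Returns { key_symbol => value } for one environment section.
# A variable in `env` named after the upper-cased key (TWITTER_API_KEY)
# wins over the file, so production secrets can stay out of the repo.
def load_settings(environment, yaml_text = SAMPLE_CONFIG_YAML, env = ENV)
  doc = YAML.safe_load(yaml_text) || {}
  section = doc.fetch(environment.to_s) { {} }
  settings = {}
  section.each_pair do |key, value|
    sym = key.to_sym
    # A YAML key such as `views:` would silently reconfigure the app,
    # so fail loudly instead of letting `set` overwrite it.
    raise ArgumentError, "#{sym} is a built-in Sinatra setting" if SINATRA_RESERVED.include?(sym)
    settings[sym] = env.fetch(key.to_s.upcase, value)
  end
  settings
end

# Salted PBKDF2-HMAC-SHA256 hash of the admin password; store this string,
# never the plaintext. Format: "<hex salt>$<hex digest>".
PBKDF2_ITERATIONS = 100_000

def hash_password(password, salt = SecureRandom.hex(16))
  digest = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, PBKDF2_ITERATIONS, 32,
                                      OpenSSL::Digest.new('SHA256'))
  "#{salt}$#{digest.unpack1('H*')}"
end

# Constant-time equality so a comparison does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def password_matches?(password, stored)
  salt, _digest = stored.split('$', 2)
  secure_equal?(hash_password(password, salt), stored)
end
```

Inside a Sinatra app this would sit in the configure block as `load_settings(settings.environment).each { |k, v| set(k, v) }`, with the hashed admin password stored (in the config or the database) and checked with `password_matches?` at login time.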
