How to store a secret key on Heroku?

I have a Flask application hosted on Heroku that should run commands on an AWS EC2 instance (Amazon Linux AMI) using boto.cmdshell. A few questions:

  • Is using a key pair the best practice for accessing the EC2 instance? Or is it better to use a username / password?
  • If using a key pair is the preferred method, what is the best way to manage / store private keys on Heroku? Obviously, placing a private key in git is not an option.

Thanks.

+6
3 answers

What I was looking for is a guide to working with private keys. Both @DrewV and @yfeldblum pointed me in the right direction. I ended up turning my private key into a string and saving it in Heroku configuration variables.

If someone is looking for something like this, here is an example code snippet using paramiko:

    import io
    import os
    import paramiko

    # The private key is stored as a string in a Heroku config var.
    key = paramiko.RSAKey.from_private_key(io.StringIO(os.environ["AWS_PRIVATE_KEY"]))

    ssh = paramiko.SSHClient()
    # AutoAddPolicy accepts whatever host key the server presents on first connect.
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    ssh.connect(os.environ["EC2_PUBLIC_DNS"], username='ec2-user', pkey=key)

    stdin, stdout, stderr = ssh.exec_command('ps')
    for line in stdout:
        print('... ' + line.strip('\n'))
    ssh.close()

Thanks to @DrewV and @yfeldblum for their help (support for both).

+4
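An added example, not part of the original answer: one way to read a private key from a config var such as AWS_PRIVATE_KEY so that a missing or malformed value fails closed instead of becoming the string "None". The helper names (`require_env`, `load_private_key_pem`, `redacted_id`, `MissingSecret`), the base64 and escaped-newline handling, and the sample key are assumptions made for illustration; only the standard library is used.

```python
import base64
import hashlib
import os

# Constructed placeholder, not a real key: only the PEM framing matters here.
SAMPLE_PEM = ("-----BEGIN RSA PRIVATE KEY-----\n"
              "CONSTRUCTED-NOT-A-REAL-KEY\n"
              "-----END RSA PRIVATE KEY-----\n")


class MissingSecret(RuntimeError):
    """A required config var is absent or malformed (hypothetical helper type)."""


def require_env(name, environ=os.environ):
    # Fail closed: str(os.environ.get(name)) would silently return "None".
    value = environ.get(name)
    if value is None or not value.strip():
        raise MissingSecret("config var %s is not set" % name)
    return value.strip()


def load_private_key_pem(name="AWS_PRIVATE_KEY", environ=os.environ):
    """Return PEM text from a config var holding raw or base64-wrapped PEM."""
    raw = require_env(name, environ)
    if not raw.startswith("-----BEGIN"):
        try:
            raw = base64.b64decode(raw, validate=True).decode("ascii").strip()
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            raise MissingSecret("config var %s is not PEM or base64 PEM" % name)
    # Assumption: the value may have been pasted with literal "\n" escapes.
    lines = raw.replace("\\n", "\n").splitlines()
    ok = (len(lines) >= 3
          and lines[0].startswith("-----BEGIN ")
          and lines[0].endswith("PRIVATE KEY-----")
          and lines[-1].startswith("-----END ")
          and lines[-1].endswith("PRIVATE KEY-----"))
    if not ok:
        # Never echo the value itself in the error message.
        raise MissingSecret("config var %s does not hold a PEM private key" % name)
    return "\n".join(lines) + "\n"


def redacted_id(secret):
    """Short SHA-256 tag that can be logged to tell which key is deployed."""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()[:12]


if __name__ == "__main__":
    pem = load_private_key_pem(environ={"AWS_PRIVATE_KEY": SAMPLE_PEM})
    print("loaded key", redacted_id(pem))  # wrap pem in io.StringIO for paramiko
```
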

Heroku allows you to use configuration variables to control your application. Here is an example of my config.py file, which is inside my Flask application:

    import os

    # Note: str(os.getenv(name)) is the string "None" when the variable is unset.

    # flask
    PORT = int(os.getenv("PORT", 5000))
    basedir = str(os.path.abspath(os.path.dirname(__file__)))
    SECRET_KEY = str(os.getenv("APP_SECRET_KEY"))
    DEBUG = str(os.getenv("DEBUG"))
    ALLOWED_EXTENSIONS = str(os.getenv("ALLOWED_EXTENSIONS"))
    TESTING = os.getenv("TESTING", False)

    # s3
    AWS_ACCESS_KEY_ID = str(os.getenv("AWS_ACCESS_KEY_ID"))
    AWS_SECRET_ACCESS_KEY = str(os.getenv("AWS_SECRET_ACCESS_KEY"))
    S3_BUCKET = str(os.getenv("S3_BUCKET"))
    S3_UPLOAD_DIRECTORY = str(os.getenv("S3_UPLOAD_DIRECTORY"))

Now I have two different sets of values, both extracted from environment variables: one when my application runs on my local computer, and one from Heroku configuration variables in production. For instance,

  DEBUG = str(os.getenv("DEBUG")) 

is "TRUE" on my local computer, but false on Heroku. To check your Heroku configuration:

    heroku config

Also keep in mind that if you want some files to be part of your project locally, but not pushed to Heroku or GitHub, you can use .gitignore. Of course, these files will not exist in your running application.

+5

You can use config vars to store configuration items in an application running on Heroku.

You can use a combination of username and password. You can make the username simple; but be sure to create a strong password, for example using openssl rand -base64 32 .

+3
