Ruby on Rails, Paperclip, Heroku, GitHub and AWS - securing keys

2023-09-11 08:49:35 Author: 比较好点的微信名字精选

I'm using RoR hosted by Heroku and I'd like to store files on S3 using Paperclip. My source code is hosted on GitHub and is world-readable. What is the best practice to keep the keys a secret from the rest of the world? Paperclip suggests that the access keys are stored in a configuration file (or in code), so for example I have:

file: config/s3.yml

access_key_id: my_access_key_id
secret_access_key: my_very_secret_key
bucket: bucket_name

Heroku works by committing code to local git and then pushing it to Heroku. Since I'm also using GitHub, I push the same code to GitHub as well. That means that I push the secret keys there too. I'm currently using a world-readable GitHub account, so if I paid GitHub I could make half the problem go away, but still I'm not happy with secret keys lying in a configuration file in code. I don't know if there's a better practice for this though.

What is the best practice for keeping the keys secret and still using the above mentioned list of libraries and services?

BTW, I've only started with RoR and Heroku last week so I may be considered a newbie, please be considerate ;) Thanks!

Recommended answer

You need to use the ENV variables from your Heroku app.

If you do a heroku config you can have access to all of your ENV variables. You just add some and use them directly in your application.

With this trick you don't need to update your code to change your configuration, and the configuration is not defined in your code base.

In your s3.yml you just need to do:

access_key_id: <%= ENV['S3_ACCESS_KEY'] %>
secret_access_key: <%= ENV['S3_SECRET_KEY'] %>
bucket: <%= ENV['S3_BUCKET_NAME'] %>

And add these ENV variables in your Heroku app:

heroku config:add S3_ACCESS_KEY='your_key'
heroku config:add S3_SECRET_KEY='your_secret'
heroku config:add S3_BUCKET_NAME='your_bucket_name'
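
An added example, not part of the original answer: it renders the s3.yml template above against the environment and fails at boot when a variable is unset, since an unset variable renders as an empty string and YAML parses it as nil. The names load_s3_config, redact and MissingS3Config are hypothetical helpers, not Paperclip or Heroku API.

```ruby
require "erb"
require "yaml"

# The template from the answer: safe to commit, it contains no secrets.
S3_TEMPLATE = <<~YAML
  access_key_id: <%= ENV['S3_ACCESS_KEY'] %>
  secret_access_key: <%= ENV['S3_SECRET_KEY'] %>
  bucket: <%= ENV['S3_BUCKET_NAME'] %>
YAML

REQUIRED_KEYS = %w[access_key_id secret_access_key bucket].freeze

# Hypothetical error class raised when a setting is absent.
class MissingS3Config < StandardError; end

# Render the ERB against the process environment, parse the YAML and
# refuse to continue if any required value is blank. Without this check
# a missing variable only surfaces on the first upload attempt.
def load_s3_config(template = S3_TEMPLATE)
  config = YAML.safe_load(ERB.new(template).result) || {}
  missing = REQUIRED_KEYS.select { |key| config[key].to_s.strip.empty? }
  unless missing.empty?
    raise MissingS3Config, "unset S3 settings: #{missing.join(', ')}"
  end
  # Force strings so an all-digit value is not returned as an Integer.
  config.slice(*REQUIRED_KEYS).transform_values(&:to_s)
end

# Copy of the config that is safe to write to logs.
def redact(config)
  config.merge("secret_access_key" => "[REDACTED]")
end

if __FILE__ == $PROGRAM_NAME
  begin
    puts redact(load_s3_config).inspect
  rescue MissingS3Config => e
    warn e.message
  end
end
```

The error message lists only the names of the missing settings, never their values, so it can go to the application log.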
 