Re: How do you manage your production secrets (API key's etc.) without using source control?
Martin/others, Chef has a registry service for stuff just like this. It is very powerful. They show a capistrano script that doesn't know the target of the deploy. It simply asks for the app server list. And having all these database passwords in the environment seems a little disconcerting. Is this what ZooKeeper provides? What else out there could Heroku use as a reference? -Keenan On Monday, October 29, 2012 at 3:42 PM, Martin Wawrusch wrote: To chime in here a bit, what we and a lot of others I know of would really like to see is a separate, distributed config store that securely stores and manages config variables, with a nice admin api and a way to track changes and update servers in real-time (socket.io (http://socket.io) comes to mind). It's definitely something we would pay for. The only thing that would be stored in env vars is some secret key to access the config store. On Mon, Oct 29, 2012 at 12:39 PM, Keenan Brock kee...@thebrocks.net (mailto:kee...@thebrocks.net) wrote: Hi Jay, I really like storing config vars in .env adding the file to gitignore and it doesn't go into the database If you didn't get enough from the heroku-config gem, there are more details are in a heroku article: https://devcenter.heroku.com/articles/config-vars#using-foreman Since foreman knows about the .env file (also written by David), locally it is quite simple to use. And it acts as a recipe to remember what to publish. If you are using pow, you may need to add add source .env to your .powenv you may want to check in a .env.sample file, much the same way you create a database.sample.yml file. So it is quick for people to get up to speed, but the secrets are not checked in. --Keenan On Monday, October 29, 2012 at 2:25 PM, Jay Vyas wrote: It would be nice if heroku gave us a bootstrap script that could be uploaded and downloaded, that came with default templates and commands that we could toggle (like setting env variables and stuff). Does anything like this exist already? Such a paradigm would be great for adding API keys and stuff as env variables . -- You received this message because you are subscribed to the Google Groups Heroku group. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com (mailto:heroku+unsubscr...@googlegroups.com) For more options, visit this group at http://groups.google.com/group/heroku?hl=en_US?hl=en -- You received this message because you are subscribed to the Google Groups Heroku group. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com (mailto:heroku%2bunsubscr...@googlegroups.com) For more options, visit this group at http://groups.google.com/group/heroku?hl=en_US?hl=en -- You received this message because you are subscribed to the Google Groups Heroku group. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com (mailto:heroku+unsubscr...@googlegroups.com) For more options, visit this group at http://groups.google.com/group/heroku?hl=en_US?hl=en -- You received this message because you are subscribed to the Google Groups Heroku group. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/heroku?hl=en_US?hl=en
Re: How do you manage your production secrets (API key's etc.) without using source control?
Check out https://github.com/ddollar/heroku-config I store my development environment in .env and my production environment in the Herou app. heroku-config can be used to push/pull while not overwriting existing values so it's easy to have variables with different values in development. On Mon, Oct 29, 2012 at 1:54 PM, Alex Heaton a...@heaton.me wrote: Like the title says, what approaches do you use for keeping private things out of Git? I'm currently considering Foreman and development/production.env files. I can check the former into git, keep the latter private. I'd rather not simply update the heroku config vars manually, I need to keep the secrets all in one place. -- You received this message because you are subscribed to the Google Groups Heroku group. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/heroku?hl=en_US?hl=en -- You received this message because you are subscribed to the Google Groups Heroku group. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/heroku?hl=en_US?hl=en
Re: How do you manage your production secrets (API key's etc.) without using source control?
Hi Jay, I really like storing config vars in .env adding the file to gitignore and it doesn't go into the database If you didn't get enough from the heroku-config gem, there are more details are in a heroku article: https://devcenter.heroku.com/articles/config-vars#using-foreman Since foreman knows about the .env file (also written by David), locally it is quite simple to use. And it acts as a recipe to remember what to publish. If you are using pow, you may need to add add source .env to your .powenv you may want to check in a .env.sample file, much the same way you create a database.sample.yml file. So it is quick for people to get up to speed, but the secrets are not checked in. --Keenan On Monday, October 29, 2012 at 2:25 PM, Jay Vyas wrote: It would be nice if heroku gave us a bootstrap script that could be uploaded and downloaded, that came with default templates and commands that we could toggle (like setting env variables and stuff). Does anything like this exist already? Such a paradigm would be great for adding API keys and stuff as env variables . -- You received this message because you are subscribed to the Google Groups Heroku group. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com (mailto:heroku+unsubscr...@googlegroups.com) For more options, visit this group at http://groups.google.com/group/heroku?hl=en_US?hl=en -- You received this message because you are subscribed to the Google Groups Heroku group. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/heroku?hl=en_US?hl=en
Re: How do you manage your production secrets (API key's etc.) without using source control?
To chime in here a bit, what we and a lot of others I know of would really like to see is a separate, distributed config store that securely stores and manages config variables, with a nice admin api and a way to track changes and update servers in real-time (socket.io comes to mind). It's definitely something we would pay for. The only thing that would be stored in env vars is some secret key to access the config store. On Mon, Oct 29, 2012 at 12:39 PM, Keenan Brock kee...@thebrocks.net wrote: Hi Jay, I really like storing config vars in .env adding the file to gitignore and it doesn't go into the database If you didn't get enough from the heroku-config gem, there are more details are in a heroku article: https://devcenter.heroku.com/articles/config-vars#using-foreman Since foreman knows about the .env file (also written by David), locally it is quite simple to use. And it acts as a recipe to remember what to publish. If you are using pow, you may need to add add source .env to your .powenv you may want to check in a .env.sample file, much the same way you create a database.sample.yml file. So it is quick for people to get up to speed, but the secrets are not checked in. --Keenan On Monday, October 29, 2012 at 2:25 PM, Jay Vyas wrote: It would be nice if heroku gave us a bootstrap script that could be uploaded and downloaded, that came with default templates and commands that we could toggle (like setting env variables and stuff). Does anything like this exist already? Such a paradigm would be great for adding API keys and stuff as env variables . -- You received this message because you are subscribed to the Google Groups Heroku group. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/heroku?hl=en_US?hl=en -- You received this message because you are subscribed to the Google Groups Heroku group. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/heroku?hl=en_US?hl=en -- You received this message because you are subscribed to the Google Groups Heroku group. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/heroku?hl=en_US?hl=en