sinatra 中存储管理员密码的位置 + Heroku 应用程序？

发布于 2024-10-20 07:48:14 字数 212 浏览 1 评论 0原文

我有一个在 Heroku 上运行的小型 Sinatra 应用程序，它使用单个管理员密码以及几个 API 身份验证密钥。

存放这些东西的最佳地点在哪里？我是否将它们放入环境变量中并使用

heroku config:add ADMIN_PASSWORD=foobar

？或者我是否使用包含它们的配置文件，并且我只是不提交配置文件？

原文

I have a small Sinatra app I'm running on Heroku that uses a single admin password, plus a couple API authentication keys.

Where's the best place to store these things? Do I put them in environment variables, and use

heroku config:add ADMIN_PASSWORD=foobar

? Or do I use a config file that contains them, and I simply don't commit the config file?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

羁〃客ぐ 2024-10-27 07:48:14

我将 API 密钥和此类内容粘贴在配置 yaml 中，就像这样

development:
  twitter_api_key: stringstringstring 
  chunky: bacon
production:
  twitter_api_key: gnirtsgnirtsgnirts
  foo: bar

，然后使用 Sinatra 的内置 set 来处理数据。

configure do   
    yaml = YAML.load_file(settings.config + "/config.yaml")[settings.environment.to_s]
    yaml.each_pair do |key, value|
      set(key.to_sym, value)
    end
end

然后我可以从 settings 对象访问它们。不过，我不确定为什么您不提交配置文件。。。这里不存在重大安全风险，因为只有您明确定义的路径才能通过网络访问。我想如果您不想将管理员密码放入数据库，则可以以相同的方式存储它，但我至少会使用盐。

请注意，在定义您自己的配置设置时，不要触及 Sinatra 的配置设置。

编辑：

我想我刚刚意识到为什么您不想提交配置文件。如果您正在开发一个开源项目，您当然不想将配置文件提交到您的开源存储库，但您需要将文件提交到 Heroku 才能使其正常工作。如果是这种情况，我会：

使用两个单独的本地存储库：一个用于开源项目，一个用于 heroku 项目。只需将开源项目设置为 Heroku 项目中的上游存储库，即可获取更改。
将 API 密钥和加密/加盐密码放入数据库中； MongoHQ 为 Heroku 用户提供免费套餐，作为使用 MongoDB。

I stick API keys and that sort of thing in a config yaml, like so

development:
  twitter_api_key: stringstringstring 
  chunky: bacon
production:
  twitter_api_key: gnirtsgnirtsgnirts
  foo: bar

then use Sinatra's builtin set to handle the data.

configure do   
    yaml = YAML.load_file(settings.config + "/config.yaml")[settings.environment.to_s]
    yaml.each_pair do |key, value|
      set(key.to_sym, value)
    end
end

And I can then access them from the settings object. I'm not sure why you wouldn't commit the config file, though . . . there's no major security risk here, since only those paths that you've explicitly defined can be accessed via the web. I guess the admin password could be stored in the same manner if you don't want to put it in a database, but I would at least encrypt it with a salt.

Just be careful not to step on Sinatra's Configuration settings when defining your own.

EDIT:

I think I just realized why you would prefer not to commit the config file. If you're working on an open source project, you certainly wouldn't want to commit the config file to your open source repo, but you would need to commit the file to Heroku in order for it to work. If this is the case, I'd either:

Use two separate local repos: one for the open source project, and one for the heroku project. Just set the open source project as an upstream repository in the Heroku project, then you can fetch changes.
Put both the API keys and encrypted/salted password in a database; MongoHQ offers a free tier to Heroku users as an addon for simple nosql storage using MongoDB.

回复收藏 0 原文

~没有更多了~