I need to store an encryption key that is going to be accessed through the application globally. Is there a storage place for settings and configs? I tried searching but couldn't come up with anything.
There are several ways to do something like this.
The simplest way to make something like that globally available to your app is to define a constant within config/environment.rb (or config/environments/production.rb).
However, with sensitive data it's important that they're decoupled from your primary SCM and only available within the production environment - at least this way, if your code is compromised, your encryption key is safe.
There are a couple of methods of doing this that I know of - one would be to set the key in an environment variable, which can then be accessed in Ruby through ENV['variable_name'].
Another option is to store it in an external file that's de-coupled from your code repository, then have that read in with an initializer.
Whichever way you do it, you can combine this approach with a constant declaration in config/environment.rb:
# config/environment.rb
ENCRYPTION_KEY = ENV['encryption_key']
This way, should you change the storage location of your key, you only need to change one line of code.
You can set all your secret constants in a config/initializers/01_secrets.rb file. Here are a few things to think about:
The 01 prefix is to make sure that the secret constants are set before other initializers that make use of these constants are loaded.
The 01_secrets.rb file should not be checked in to your SCM.
The server(s) that store this file must be properly secured and the file itself should have maximum security.
E.g.
# config/initializers/01_secrets.rb
ENV['ENCRYPTION_KEY'] = "your_key"
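Both answers leave open what happens when the key is missing, malformed, or sits in a file other accounts can read. The following is an added example, not code from either answer: a loader an initializer could call, which takes the key from the environment variable or from a file outside the repository and refuses to continue otherwise. The module name SecretKeyLoader, the 256-bit hex-encoded key format and the 0600 permission requirement are assumptions made for the example.

```ruby
require "tempfile"

# Hypothetical helper, not from the answers above: resolve the key from ENV,
# else from a file kept outside the repository, and fail fast at boot.
module SecretKeyLoader
  KEY_BYTES = 32 # assumption: the key is 256 bits, stored hex-encoded
  class Error < StandardError; end

  def self.load(env: ENV, var: "ENCRYPTION_KEY", path: nil)
    hex = env[var].to_s.strip
    hex = read_key_file(path).to_s.strip if hex.empty? && path
    raise Error, "no key in ENV['#{var}'] or key file" if hex.empty?
    decode(hex)
  end

  def self.read_key_file(path)
    return nil unless File.file?(path)
    mode = File.stat(path).mode & 0o777
    # Refuse a key file that group or others can access at all.
    if mode & 0o077 != 0
      raise Error, format("%s has mode %04o, expected 0600 or stricter", path, mode)
    end
    File.read(path)
  end

  def self.decode(hex)
    # The error never echoes the value, so a bad key cannot leak into logs.
    unless hex.match?(/\A\h{#{KEY_BYTES * 2}}\z/)
      raise Error, "key must be #{KEY_BYTES * 2} hex characters"
    end
    [hex].pack("H*").freeze
  end
end

if __FILE__ == $PROGRAM_NAME
  Tempfile.create("encryption_key") do |f| # constructed sample key file
    f.write("ab" * 32)
    f.flush
    File.chmod(0o600, f.path)
    puts SecretKeyLoader.load(env: {}, path: f.path).bytesize
    File.chmod(0o644, f.path)
    begin
      SecretKeyLoader.load(env: {}, path: f.path)
    rescue SecretKeyLoader::Error => e
      puts "rejected: #{e.message}"
    end
  end
end
```

Raising at load time means a misconfigured server fails at boot rather than running with a nil key.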