Using Secure Credential Management with Figaro in a Rails App
In this lesson, we are going to talk a little bit about the Figaro gem and learn how to integrate it with our application. To refresh, Figaro is a gem that allows you to manage API keys and environment variables in a secure way. An alternative to the Figaro gem is the dotenv gem.

Since we already have Figaro, all that we have to do now is run the installer. To do that, go to your command line and type:

figaro install


This command creates a file called application.yml inside our config directory, and also appends that file to .gitignore because we don't want application.yml to get uploaded to our GitHub repository.

Next, go to the application.yml file and copy-paste this code into it.


The first two values are your credentials to log into AWS. The next two values give you access to the development and production environments. The naming conventions are based on established good practices, so it's best you follow them. As a side note, I showed my API keys for the sake of the tutorial, and then I removed them from my AWS account, since you'd never show these values to anyone because hackers could use them to hijack your account.

The advantage with Figaro is you don't have to type out these values in the application, as they are readily available when needed.
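
As an added example (not the tutorial's own file and not Figaro's source), the Ruby below parses a constructed application.yml laid out as described above and resolves it per environment the way Figaro merges top-level keys with the current environment's section. The key names, bucket names and helper functions (settings_for, missing_keys, export_to) are assumptions made for the illustration.

```ruby
require "yaml"

# Constructed sample of config/application.yml. Key names and values are
# placeholders assumed for this example, not the tutorial's real file.
SAMPLE_APPLICATION_YML = <<~YAML
  AWS_ACCESS_KEY_ID: "REPLACE_WITH_ACCESS_KEY_ID"
  AWS_SECRET_ACCESS_KEY: "REPLACE_WITH_SECRET_ACCESS_KEY"

  development:
    AWS_BUCKET: "example-app-development"

  production:
    AWS_BUCKET: "example-app-production"
YAML

REQUIRED_KEYS = %w[AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_BUCKET].freeze

# Top-level scalar keys apply to every environment; the section named after
# the current environment is merged on top of them.
def settings_for(yaml_text, environment)
  raw = YAML.safe_load(yaml_text) || {}
  global = raw.reject { |_, value| value.is_a?(Hash) }
  scoped = raw.fetch(environment, {})
  scoped = {} unless scoped.is_a?(Hash)
  global.merge(scoped).transform_values(&:to_s)
end

# Required keys that are absent or blank, so the app can refuse to boot
# instead of failing later on the first AWS call.
def missing_keys(settings, required = REQUIRED_KEYS)
  required.select { |key| settings[key].to_s.strip.empty? }
end

# Copy settings into an env-like hash without overwriting values that are
# already set there (for example, variables configured on the server).
def export_to(env, settings)
  settings.each { |key, value| env[key] = value unless env.key?(key) }
  env
end

if __FILE__ == $PROGRAM_NAME
  settings = settings_for(SAMPLE_APPLICATION_YML, "production")
  missing = missing_keys(settings)
  abort "Missing configuration: #{missing.join(', ')}" unless missing.empty?
  puts export_to({}, settings).keys.sort
end
```

In a real Rails app the same fail-fast check is available through Figaro itself by calling Figaro.require_keys in an initializer.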

So, this is how you integrate Figaro with your application.