I think this solution seems the most Rails 5.2 friendly, but ideally isn't the perfect solution as ideally you could in fact (one day, in Rails 6, say), separate the 3 files themselves, so you could, say, give junior developers access to only development+staging credentials by giving the only the keys for the development + staging master keys (but continuing to check-in all 3 .yml.enc files into source-code. the 3 keys are of course, not checked-in)
But if you have a team where you don't care if all the devs have the same (full) credentials then I like this solution best. -Jason > On Jun 10, 2019, at 8:40 PM, Sampson Crowley <sampsonsproje...@gmail.com> > wrote: > > for rails 5, just nest environment specific credentials under a key for said > environment > > then all you have to do when accessing said config is add the environment to > the party that pulls in config, e.g.: > > credentials.yml.enc: > > main_key: > development: > sub_key: > value_key: 'development' > production: > sub_key: > value_key: 'production' > test: > sub_key: > value_key: 'test' > > code: > > > my_credential = Rails.application.credentials.dig(:main_key, > Rails.env.to_sym, :sub_key, :value_key) > ``` > > On Sunday, June 9, 2019 at 7:40:05 PM UTC-6, Jason Fleetwood-Boldt wrote: > In some apps I've worked on Rails 5.1 and prior, environment variables, saved > directly into the source code. > > In rails 5.2 Custom credentials encourages us to check-in only the encrypted > version of our configuration, and keep our master.key keyfile outside of our > repository. > > My question is this: Is there a way to segregate by environment? (i.e., > development, staging, production?) > > seems like the instructions for setting up AWS keys, for example, would have > the dev, staging + production all pointing to & using the same AWS bucket, > access key, and secret. But it seems like for many services I'd want to have > different credentials for different environments. > > I found this SO post that discusses this question, but unfortunately it > doesn't present a very good answer IMHO because the there are only two > answers: 1) I don't quite understand and 2) a suggestion to basically check > all your ENV variables against each of your environments, which seems like it > could encourage a messy setup. I much like answer #1 from this SO post, but I > don't understand how to implement it practically. > > https://stackoverflow.com/questions/53642152/how-to-manage-credentials-for-different-environments-in-rails-5-2 > > <https://stackoverflow.com/questions/53642152/how-to-manage-credentials-for-different-environments-in-rails-5-2> > > any tip appreciated. > Thanks, > Jason > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to rubyonrails-talk+unsubscr...@googlegroups.com > <mailto:rubyonrails-talk+unsubscr...@googlegroups.com>. > To post to this group, send email to rubyonrails-talk@googlegroups.com > <mailto:rubyonrails-talk@googlegroups.com>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/rubyonrails-talk/01fa12ca-06f5-4246-bead-503af4bf1a5c%40googlegroups.com > > <https://groups.google.com/d/msgid/rubyonrails-talk/01fa12ca-06f5-4246-bead-503af4bf1a5c%40googlegroups.com?utm_medium=email&utm_source=footer>. > For more options, visit https://groups.google.com/d/optout > <https://groups.google.com/d/optout>. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscr...@googlegroups.com. To post to this group, send email to rubyonrails-talk@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/C2DFCFDD-69CD-4A7C-A7C3-1898210E9B42%40datatravels.com. For more options, visit https://groups.google.com/d/optout.
