Security is and will always be a very big deal, this is largely true in all spheres of life but more-so in software development. One costly mistake can leave you vulnerable to stolen API Keys and Secrets, we wouldn't want that now, would we? Introducing Figaro Figaro is a rubygem that uses a single YAML file located in the config directory, to hide environmental variables. To set it up, simply add the following to your Gemfile located in the root directory of your rails app gem "figaro" Then run in your terminal to update all gems which will now include the figaro gem. bundle update Now for the fun part, run exec figaro install bundle This creates a file in the root directory of your project and also adds the file to the .gitignore preventing the file from being uploaded to the various version control repository management services. config/application.yml application.yml Usage Let's say we were working with the cloudinary API for image uploads, cloudinary usually provides us with a couple of environmental variables. To use them in an application after installing and setting up figaro, simply add the following to the file config/application.yml CLOUDINARY_NAME: "2954" CLOUDINARY_API_KEY: "7381a978f7dd7f9a1117" CLOUDINARY_API_SECRET: "abdc3b896a0ffb85d373" To use any of them in any part of your application, simply call them as follows; Use ENV[ ] "CLOUDINARY_NAME" where you would have otherwise called . "2954"