Security is and will always be a very big deal, this is largely true in all spheres of life but more-so in software development. One costly mistake can leave you vulnerable to stolen API Keys and Secrets, we wouldn't want that now, would we?
Figaro is a rubygem that uses a single YAML file located in the config directory, to hide environmental variables.
To set it up, simply add the following to your Gemfile located in the root directory of your rails app
in your terminal to update all gems which will now include the figaro gem.
Now for the fun part, run
bundle exec figaro install
This creates a
file in the root directory of your project and also adds the application.yml file to the .gitignore preventing the file from being uploaded to the various version control repository management services.
Let's say we were working with the cloudinary API for image uploads, cloudinary usually provides us with a couple of environmental variables. To use them in an application after installing and setting up figaro, simply add the following to the
CLOUDINARY_NAME: "2954" CLOUDINARY_API_KEY: "7381a978f7dd7f9a1117" CLOUDINARY_API_SECRET: "abdc3b896a0ffb85d373"
To use any of them in any part of your application, simply call them as follows;
where you would have otherwise called