Terry Threatt

Posted on Aug 15, 2020

How to secure your private keys.

#privacy #beginners #ruby #tutorial

Security is key

Security in your application should be a large priority for a developer. Anyone having access to your sensitive information can wreck havoc in your application and possibly your personal information. Even if it is a pet project to learn, It is always good practice to ensure you secure your keys. I will walk through a simple application to demonstrate how to secure your private keys to prevent anyone to publically access your secure information.

Let's get started:

Let's create a Rails application.

$ rails new blog

This command requires Ruby on Rails to be installed. Click here for installation

Let's navigate to our new app and generate some models, controllers, and views.

$ cd blog
$ rails generate scaffold post title:string body:text
$ rails generate scaffold comment post_id:integer body:text
$ rake db:migrate

Let's add a few gems.

// file: blog/Gemfile
// Add these into the file

...
gem 'dotenv-rails', groups: [:development, :test]
gem 'omniauth-google-oauth2'
...

dotenv - Popular gem that allows you to hide your private keys.
omniauth - Gem that allows you to create authentication in your app.

Click here to get API keys

Execute gem installation

$ bundle 
$ rails server

Configure omniauth

// Create this file => blog/config/initializers/omniauth.rb 
// Add this snippet 

Rails.application.config.middleware.use OmniAuth::Builder do
    provider :google_oauth2, '123456789', 'Your_Client_Secret'
end

Notice provider :google_oauth2, '123456789', 'Your_Client_Secret'. This is where you can put your secret keys but they wouldn't be very secret here.

Configure omniauth

// Create this file => blog/.env 
// Add your secret credentials 

GOOGLE_CLIENT_ID = '123456789'
GOOGLE_CLIENT_SECRET = 'Your_Client_Secret'

Update omniauth

// replace you secret keys 

provider :google_oauth2, ENV[GOOGLE_CLIENT_ID], ENV[GOOGLE_CLIENT_SECRET]

Prepending ENV will give you access to the environment key we created for your secret credentials in the .env file.

Hide your secret file

// Locate your gitignore file => blog/.gitignore
// Add this snippet

# This hides your file from being uploaded to your repository
  .env

Now you are able to rest assured your secret API keys are indeed secret and your application still has access when needed. I hope this helps keep your next project secure. If you enjoyed this article please feel free to follow me.

Terry Threatt

DEV Community

How to secure your private keys.

Security is key

Let's get started:

Let's create a Rails application.

Let's navigate to our new app and generate some models, controllers, and views.

Let's add a few gems.

Execute gem installation

Configure omniauth

Configure omniauth

Update omniauth

Hide your secret file

Top comments (0)

Read next

Selective Attention Boosts Transformer Performance on Language Tasks

AI-Powered Code Completion: Faster, Smarter, and Fully Local Editing for IntelliJ IDEs

Frontier AI Developers Need Internal Audit Function to Address Key Governance Challenges

Unlock the Power of Node.js with NodeMaven