In Rails 5.1 they implemented built-in encrypted secrets. We could store all secret production ENVs in a file that is checked into version control, but it encrypted. The only thing we'd have to store outside of the repo would be the one key that is used to decrypt the secrets file.
Questions/Notes:
Would this work okay on Heroku?
For debugging the production environment locally (which happens rarely), we'd want to be able to go back to using a .env file because we don't want to share the production decryption key with everyone. Is this possible?
Find a couple blog articles written by people who've tried this. Did they like it?
In Rails 5.1 they implemented built-in encrypted secrets. We could store all secret production ENVs in a file that is checked into version control, but it encrypted. The only thing we'd have to store outside of the repo would be the one key that is used to decrypt the secrets file.
Questions/Notes: