search

carrierwaveuploader / carrierwave-google-storage

Carrierwave storage adapter that supports Google Cloud Storage and is based on gcloud library from Google
MIT License
62 stars 72 forks source link

I need to be able to use environment variables instead of a .json file #29

Closed JTensai closed 3 years ago

JTensai commented 5 years ago

My rails app is hosted on Heroku. I do not believe I can have a file on heroku that exists outside the repository and I would very much like to not include my keyfile.json in my commit history. I do this everywhere else by using environment variables: ENV['KEYFILE_CONTENTS']

That way I can have a dev version and a production version and leave them out of commit history.

Is there anyway to do something like this:

  config.gcloud_credentials = {
    gcloud_project: ENV['PROJECT_NAME'],
    gcloud_keyfile_contents: ENV['KEYFILE_CONTENTS']
  }

Thanks!

jasdeepsingh commented 5 years ago

Hi @jtensai

Thanks for your question. I understand that this is an issue and it becomes even more prominent in a Heroku like 12-factor environment.

On a normal old school server or VPS, suggested approach would be to simply create a file manually on the server and go about your day, but on Heroku or even Docker containers it becomes challenging because there is no way to SSH or SCP any files after the fact (on Docker there is, but obviously we don’t want to SSH everytime a new container is deployed)

So, the suggested approach is to encrypt your Keyfile and check it in source code. Just like how secrets.yml.enc is encrypted and the key to unlock is a simple RAILS_MASTER_KEY environment variable.

This question was asked earlier here:

https://github.com/metaware/carrierwave-google-storage/issues/20

Please take a look and let me know if you have any further questions? In the meantime, I’ll review the code again and see if the whole file can be simply dropped in as an environment variable - If not, i’ll see if we can include/build this functionality in the new release.

uneeq commented 5 years ago

@jasdeepsingh Hey mate! Fog guys already implemented that. Please update your GC connection: https://github.com/metaware/carrierwave-google-storage/blob/master/lib/carrierwave/storage/gcloud.rb#L44

REF: https://github.com/fog/fog-google/blob/master/test/integration/test_authentication.rb

chloerei commented 5 years ago

Google SDK accept String, Hash, Google::Auth::Credentials as param.

https://github.com/googleapis/google-cloud-ruby/blob/c2ce0037508be8133d252e3eb31d8c20bdae2e6a/google-cloud-core/lib/google/cloud.rb#L45-L47

So just use:

config.gcloud_credentials = {
    gcloud_project: ENV['PROJECT_NAME'],
    gcloud_keyfile: JSON.parse(ENV['KEYFILE_CONTENTS'])
  }
jasdeepsingh commented 3 years ago

Closing this issue, since a response above was provided.