It says in the docs they recommend to use separate keys for development and production I have my site keys stored in .env
CodePudding user response:
I have my site keys stored in .env
dotenv is only supposed to be used for development. It's a convenience for developers to be able to set environment variables. However, because it is a file on disk it loses the security advantages and configuration convenience of environment variables. It should not be checked into version control, and it should not be deployed to production.
For production, put your secrets in environment variables. Most cloud production environments include convenient interfaces to set environment variables for your deployments.
Alternatively, put your secrets in Rails encrypted credentials.
CodePudding user response:
Just use different .env
file on your server
Or create .env.production
file. If you use dotenv gem, it has higher priority
https://github.com/bkeepers/dotenv#what-other-env-files-can-i-use
Of course both files must be git ignored
Or use rails credentials. In new rails (probably since 6.0) you can use different credentials in different environments