How do you set S3_KEY and S3_SECRET .env vars in rails / AWS / heroku

1
votes

I'm doing this heroku tutorial.

In the tutorial it mentions I need to set environment variables for S3_KEY, S3_SECRET, and S3_BUCKET.

I've created a S3 Bucket on AWS (Amazon Web Services), and I've used the unique name of the Bucket as my .env (I've created a .env file in my Rails project, and added it to .gitignore) S3_BUCKET variable.

However, in the tutorial I need to set S3_KEY and S3_SECRET.

Where do I find these variables? I can't seem to find them anywhere on AWS/S3. Am I suppose to generate these vars or what's the deal with these?

Second question: I will then have a model Photo that looks like this...

class Photo < ActiveRecord::Base
    has_attached_file   :image,
                        :styles => { thumbnail: "100x100#" },
                        :storage => :s3,
                        :s3_credentials => {    :access_key_id  => ENV['S3_KEY'],
                                                :secret_access_key => ENV['S3_SECRET'],
                                                :bucket => ENV['S3_BUCKET'] }
end

Will this now work in all my environments, including prod on heroku, or do I need to do anything special with heroku?

1
ruby-on-railsherokuamazon-s3environment-variables

1 Answers

2
votes

What you did here below is establish what these variables were for.

:s3_credentials => {    :access_key_id  => ENV['S3_KEY'],
                                                :secret_access_key => ENV['S3_SECRET'],
                                                :bucket => ENV['S3_BUCKET'] }

Now you need to set the actual values of the variables in production.

To create a new key and secret key, go to your AWS management console, and click your name in the top right. Next click security credentials and generate a new access key pair. Use these below.

To set your AWS variables for heroku, do this from the command line:

$ heroku config:set S3_KEY=xxxxxxxxxx S3_SECRET=xxxxxxxxxxxxxxxxxxxxxx

Obviously replace the x's with your actual keys. Check here if you want more info about Config variables: Heroku Config Vars

One final note that you're probably aware of, but is worth mentioning anyways. Make sure you never push an actual AWS key to Github (even a private repo). There are people out scraping Github specifically for AWS keys, and it could cost you a lot of money if they find them.

Regarding your second questions, I would use local storage for test/dev environments. Do something like this:

 if Rails.env.test? || Rails.env.development?
    :storage = :file
 else
    :storage = :s3
 end