I was recently coding on a Ruby/React app feature requiring a fetch to a third party’s database. The fetch required 5 different keys, including account IDs and a secret key, which I didn’t want anybody to see. My first impulse was to send the request on the client side, but I didn’t want to expose any of these private keys, as they would show up in my code pushed to GitHub. Previously I would include this information in the .gitignore file, but I wanted to try a different approach this time. I felt like fetching from the backend might be a safer way to go. As I was doing some research on best practices, I came across a Ruby gem that seemed to be the perfect solution: Figaro.
What is Figaro
Figaro is a Ruby gem that encourages a convention for keeping sensitive information out of Git. It follows the Twelve-Factor App methodology of keeping configuration in the environment: key/value pairs live in a YAML file that is listed in .gitignore, and Figaro loads them into ENV when the app starts. This cuts down on the accidental exposure of sensitive data and credentials when working on projects.
How to Use
Simply open your Gemfile, add the figaro gem, and run bundle install. Then run:
bundle exec figaro install
This will generate an application.yml file and automatically add it to the .gitignore file at the same time. Look in the file tree and find your newly generated application.yml; it should look something like this:
Isn’t that nice? They included some sample code for reference. In this file we can make key/value pairs, then use the key anywhere in our app to get the desired value. If we open up our .gitignore file, we can see that it has been added:
Git on With Your Life
Using Figaro allowed me to comfortably set up my fetch requests without having to worry about leaking sensitive information onto GitHub. I highly recommend setting up a simple application solely to test this gem. It isn’t difficult to get started and the possibilities are endless.
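A check worth running before a push, added here as an example and not part of the original post or of Figaro itself: it confirms that application.yml is listed in .gitignore and that none of its values have been copied into other files, such as the React client. The config/application.yml location, the helper names, the exact-match .gitignore test and the sample project are assumptions constructed for illustration.

```ruby
require "yaml"
require "tmpdir"
require "fileutils"
CONFIG_PATH = "config/application.yml" # assumed location of the Figaro file

# Collect every value from a Figaro-style YAML file: top-level key/value
# pairs plus per-environment sections (nested hashes such as production:).
def secret_values(yaml_text)
  data = YAML.safe_load(yaml_text) || {}
  data.values.flat_map { |v| v.is_a?(Hash) ? v.values : [v] }
      .map(&:to_s).reject { |v| v.length < 8 }.uniq # skip short, non-secret values
end

# Simplified .gitignore test: exact line match only, no glob or negation support.
def ignored?(root)
  path = File.join(root, ".gitignore")
  return false unless File.exist?(path)
  File.readlines(path, chomp: true).map { |l| l.strip.sub(%r{\A/}, "") }.include?(CONFIG_PATH)
end

# Relative paths of files (other than the config itself) that contain a secret value.
def leaked_files(root)
  secrets = secret_values(File.read(File.join(root, CONFIG_PATH)))
  Dir.glob("**/*", File::FNM_DOTMATCH, base: root).select do |rel|
    full = File.join(root, rel)
    next false if rel == CONFIG_PATH || rel.start_with?(".git/") || !File.file?(full)
    body = File.binread(full)
    secrets.any? { |s| body.include?(s.b) }
  end.sort
end

# Constructed sample project: one secret pasted into the client code by mistake.
def demo(gitignore)
  Dir.mktmpdir do |root|
    files = {
      CONFIG_PATH => "api_secret_key: sk_constructed_0123456789\nproduction:\n  account_id: acct_constructed_42\n",
      ".gitignore" => gitignore,
      "app/services/fetcher.rb" => "key = ENV[\"api_secret_key\"]\n",
      "client/src/api.js" => "const key = 'sk_constructed_0123456789';\n"
    }
    files.each do |rel, body|
      FileUtils.mkdir_p(File.dirname(File.join(root, rel)))
      File.write(File.join(root, rel), body)
    end
    { ignored: ignored?(root), leaked: leaked_files(root) }
  end
end
p demo("/log\n") if $PROGRAM_NAME == __FILE__
```

The backend file that reads the key through ENV is not flagged, because it holds only the key name; the client file is flagged because it holds the value itself.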