config/Use application credentials for different envs

Author: LewisYoul

config/credentials.yml.enc

@@ -1 +1 @@
-5J1hm3PZjrwJ5nDeWBOk0OaGx9yN768sqFotFsr9TGu19lj4SLSAjj7UZBucQncqrQBL7ZMprj+s0v57kr68mvkYUKQZcKvLyXFFi4HUGc6ZLiMvaXjmcYL0czypj5T7qmb2eA1w+jR+9T43CNSOs2WwR5cVgmRyqkr8qn3bOJZV3wKrwxVPMKiz/Psdf01tYvFxnaXwn7XB2jjPDW0j/BVf0pZpLg8JJql86HmUUbnRxcneXqj82eGGlubAs5BwXTRoNHpTO1HZk3VjcilXs5NMN2aez9wbZhHr63Db7h2itZ/riv5zkjjMCIbntjUw53NpryLNIlQL4zEQiSiQkP/6ePfGVU6eD6rDd5CyJ765yLftRLFkOMnJTLKuCTlpmLtXQA0wxabqisZpbvT4Xj699d8W8INveLAh9TRH/h4Y4WzjS7WqPQam1IAERAnpzfCnjCPe+seqUYQmF1dU3ef5Oxlz0o4YBaDBBQ==--wVy4RLCOhoOQts5b--UYytvnGBmR/To23uVD75FQ==
+PQznB7tzzXU8akEPdC7Pxq/Ut4qXC4Wa+YIFB/awfAHBrcMi8uZIYXmri1sVVOUL/o0NAnZ1BFzoDRx07kmdh6TSWVXC+h11Tz9AUewu1zpOiDC/7fTWeygBSUXPq+ItKsah2e5Wb+j4Ng+Mip9ISL+QX04ockjNgjdZwVJxxQNRSxbxPKpYOgLshB2kfCMELmGU9F9rk1+/fppiHk63TmipLXLAnFQSSSX7Yui+iTZDNRfzKUIgsQK5Z/Gj3r4Uf7och0asxQzleslwKGffN2XAsHCyuzF/PE9mh05G/vgvnPQZblLlcOL33qCZwe6U94ipz1hIGY5XzcD5Viae+VchRKGf287u5SUvLYWfdtD6R+vi2pib66U2mDVz5cQgtnjw4jeqTUbqZqXcSMnu7F9IyS0sP0FMheiVhJ0ZQihT+WZ2tydZvlIaYTct6Nrz1WlIw34bt06EozOWuW+fL75RUQQeysvMwqwHk1qGzFJ2mxZCwEdZPtjHAymDl+rNZOeZ29dje3caLHMpo4kZQCi2LZ79N+W8MihD7GDofJmGlgIbC0WIy3hkHIqegO9zuZzCPuWvjoRXX7p6Qbbi4HBlfak5kAEflbQ0qSs2ZguWfu3JlrSiDWnrZ1gtweMyj7PWb3+iPNraG7jfNJhnEGW4mHxPDmBzvubrXoiwjdpuV1vlTtQ6Vg52fH3DodvMdgMw4/WnVfsJ3xRI6mLxmNi7sH+pli5Ej8fBZE2aUIqAw8KBVXR+xJK7gG/vAt+xgiAiZrm5e1hIepYlfNnwOfp5TIZY7lGXPl+SqPnaYiF1E7/W/bdqXeSeHwhVALj+rS92ORIrIAZXAbELlF6SRHYBoy314BVe8V6orvuO8XXwvpG32RgsfBk71mXydzYuD8w2Ld4v7KX1xyao7lG/9nFgspnv4NtHnTy+RHnpMLgDAaqS6LTUxLScJuqHmfbi4R7t4uzytKaKxYZ2SA2FQ9vCxhETG69f99eNY/TEmThmKVJ3wWRhm4naXGtQOEZGAK0I+By6q96RCQgf2jswMlfgG8ak2mHGjzNhCxTNDpgORdyT2qMj1pfM2I1VW2qIBalaFXlTrr0Pj3ylmwVQ/mftpS61qEzu7oFCfLWLv20pwkzoH1zD9ySP4nW596Tj43ZxqG03frwnBYuvOLxxdeJ5f7GLRqaJMpyu2xGxWMGwO4YLx/Dh6TqTg5SPwUsKp4SYil2SzlM0WvTCP5zyBdDN2CGGlrG2Dv/5rIRU/Oj/oGx0ab6s4JLQ85xoCFVcg0ZTdLk8zhS9fumTauqqlrXafnIZhfFMVtVMvr2tAGQit9n10e7HAS0AuY49dqbLTbnacRW3rtNlwN62J20pEpHQ6hD9Qqx3mSeempwxI7mMcM09sdE8Ca3O+CX3+UNgJomD5i3Uzq500H/SIcOlJA17CzhD+hbQkL3c9CDShpgHsIbYy4Gp7/WP1t9jlJNQz3l6dqvfbkE8MxOqj5h6uRuBtg9EQ9itrMXtYvZGoSmC8VwMzX2dLqgCPildlH9TJ4E9xMUUZ6hPcaiIYFwnDQtikG8/LV84bk06EA/bCG37R59bzDdtvtSMb98M2N8TYVKfskngi+5lfNaGh/IKP20WSQ5Fi/9Vw2UZGIhgoZXvv5sk8SwSMb0lJAieIJiqUh5wYJw8GJZ654PG+ba4CXArqcrTzK1RDJVhRJdQM1lRwytVd2orkgIK88F+o1RJlXhffw6PEGTDyu7W+777OeWUQi3VSWcVZKqNI46T0YLEdAeSKJyQ4fF7JoZsEFqel4K2nvMKrmbzBJqHFLA2dSGKtWDl0mVjGZkO04q5DaY4qNCVMK8KHPW0/T2lMQO7u7jp64AgU9AR4YRSxBMOttKKksDXYERlmAp3InXx7mfa8Qt+Z+e6Pgzww48Jnk/cqbRbgw1alanvaXiwbcLFVaZp1UbJF+Z376j0NnEr19OlCiTtUB9glC0YLw7GXV8+0a+P+i84Diw/3tqPZ9O6uHX1saJOekZUhi83visa1HktEwVvxYjBjDBeMoU373wLMpsEZPlqDZIakE6GXY4q5dEYNL1KFoMpUaOIGoYnb0ZcHR9yzakkV/F7t9/LMn05u4j2p0nctS1VeLyH94kcs2KIv5NcejpD1dIOtTJ+PykS4Qc4xqeL0j+9Uced8Rsd--IVHXAZOj7H/0w/jQ--JQmRSxKly7QcRXNVNFIeaQ==

config/environments/production.rb

@@ -83,7 +83,7 @@
     :port => 587,
     :authentication => :plain,
     :user_name => 'apikey',
-    :password => ENV['SENDGRID_API_KEY'],
+    :password => Rails.application.credentials.dig(Rails.env.to_sym, :sendgrid, :password),
     :domain => 'heroku.com'
   }
 

config/environments/staging.rb

@@ -0,0 +1,140 @@
+Rails.application.configure do
+    # Settings specified here will take precedence over those in config/application.rb.
+  
+    # Code is not reloaded between requests.
+    config.cache_classes = true
+  
+    # Eager load code on boot. This eager loads most of Rails and
+    # your application in memory, allowing both threaded web servers
+    # and those relying on copy on write to perform better.
+    # Rake tasks automatically ignore this option for performance.
+    config.eager_load = true
+  
+    # Full error reports are disabled and caching is turned on.
+    config.consider_all_requests_local       = false
+    config.action_controller.perform_caching = true
+  
+    # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"]
+    # or in config/master.key. This key is used to decrypt credentials (and other encrypted files).
+    # config.require_master_key = true
+  
+    # Disable serving static files from the `/public` folder by default since
+    # Apache or NGINX already handles this.
+    config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
+  
+    # Compress CSS using a preprocessor.
+    # config.assets.css_compressor = :sass
+  
+    # Do not fallback to assets pipeline if a precompiled asset is missed.
+    config.assets.compile = false
+  
+    # Enable serving of images, stylesheets, and JavaScripts from an asset server.
+    # config.action_controller.asset_host = 'http://assets.example.com'
+  
+    # Specifies the header that your server uses for sending files.
+    # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache
+    # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
+  
+    # Store uploaded files on the local file system (see config/storage.yml for options).
+    config.active_storage.service = :amazon
+  
+    # Mount Action Cable outside main process or domain.
+    # config.action_cable.mount_path = nil
+    # config.action_cable.url = 'wss://example.com/cable'
+    # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]
+  
+    # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+    # config.force_ssl = true
+  
+    # Use the lowest log level to ensure availability of diagnostic information
+    # when problems arise.
+    config.log_level = :debug
+  
+    # Prepend all log lines with the following tags.
+    config.log_tags = [ :request_id ]
+  
+    # Use a different cache store in production.
+    # config.cache_store = :mem_cache_store
+  
+    # Use a real queuing backend for Active Job (and separate queues per environment).
+    # config.active_job.queue_adapter     = :resque
+    # config.active_job.queue_name_prefix = "snippet_app_production"
+  
+    config.action_mailer.perform_caching = false
+  
+    # config.action_mailer.delivery_method = :smtp
+    # config.action_mailer.default_url_options = { host: "https://www.snippetsafe.com" }
+    # config.smtp_settings = {
+    #   :user_name => ENV['SENDGRID_USERNAME'],
+    #   :password => ENV['SENDGRID_PASSWORD'],
+    #   :domain => 'snippetsafe.com',
+    #   :address => 'smtp.sendgrid.net',
+    #   :port => 587,
+    #   :authentication => :plain,
+    #   :enable_starttls_auto => true
+    # }
+  
+    config.action_mailer.raise_delivery_errors = true
+    config.action_mailer.default_url_options = { :host => 'snippet-safe-staging.herokuapp.com/' }
+    config.action_mailer.perform_deliveries = true
+    
+    ActionMailer::Base.smtp_settings = {
+      :address => 'smtp.sendgrid.net',
+      :port => 587,
+      :authentication => :plain,
+      :user_name => 'apikey',
+      :password => Rails.application.credentials.dig(Rails.env.to_sym, :sendgrid, :password),
+      :domain => 'heroku.com'
+    }
+    
+    ActionMailer::Base.delivery_method = :smtp
+  
+    # Ignore bad email addresses and do not raise email delivery errors.
+    # Set this to true and configure the email server for immediate delivery to raise delivery errors.
+    # config.action_mailer.raise_delivery_errors = false
+  
+    # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+    # the I18n.default_locale when a translation cannot be found).
+    config.i18n.fallbacks = true
+  
+    # Send deprecation notices to registered listeners.
+    config.active_support.deprecation = :notify
+  
+    # Use default logging formatter so that PID and timestamp are not suppressed.
+    config.log_formatter = ::Logger::Formatter.new
+  
+    # Use a different logger for distributed setups.
+    # require 'syslog/logger'
+    # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name')
+  
+    if ENV["RAILS_LOG_TO_STDOUT"].present?
+      logger           = ActiveSupport::Logger.new(STDOUT)
+      logger.formatter = config.log_formatter
+      config.logger    = ActiveSupport::TaggedLogging.new(logger)
+    end
+  
+    # Do not dump schema after migrations.
+    config.active_record.dump_schema_after_migration = false
+  
+    # Inserts middleware to perform automatic connection switching.
+    # The `database_selector` hash is used to pass options to the DatabaseSelector
+    # middleware. The `delay` is used to determine how long to wait after a write
+    # to send a subsequent read to the primary.
+    #
+    # The `database_resolver` class is used by the middleware to determine which
+    # database is appropriate to use based on the time delay.
+    #
+    # The `database_resolver_context` class is used by the middleware to set
+    # timestamps for the last write to the primary. The resolver uses the context
+    # class timestamps to determine how long to wait before reading from the
+    # replica.
+    #
+    # By default Rails will store a last write timestamp in the session. The
+    # DatabaseSelector middleware is designed as such you can define your own
+    # strategy for connection switching and pass that into the middleware through
+    # these configuration options.
+    # config.active_record.database_selector = { delay: 2.seconds }
+    # config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver
+    # config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session
+  end
+  

config/initializers/devise.rb

@@ -259,10 +259,13 @@
   # ==> OmniAuth
   # Add a new OmniAuth provider. Check the wiki for more information on setting
   # up on your models and hooks.
-  config.omniauth :github, 'c9ba150c81465d914e7c', '9ef7c9d7a3d348911dc1108c71c3769c835c5374', scope: 'user'
+  github_client_id = Rails.application.credentials.dig(Rails.env.to_sym, :github, :client_id)
+  github_client_secret = Rails.application.credentials.dig(Rails.env.to_sym, :github, :client_secret)
+
+  config.omniauth :github, github_client_id, github_client_secret, scope: 'user'
 
   OmniAuth.config.before_request_phase do |env|
-      env['HTTP_REFERER'] = nil
+    env['HTTP_REFERER'] = nil
   end
 
   # ==> Warden configuration

config/storage.yml

@@ -9,10 +9,10 @@ local:
 # Use rails credentials:edit to set the AWS secrets (as aws:access_key_id|secret_access_key)
 amazon:
   service: S3
-  access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %>
-  secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %>
-  region: eu-west-2
-  bucket: snippet-production
+  access_key_id: <%= Rails.application.credentials.dig(Rails.env.to_sym, :aws, :access_key_id) %>
+  secret_access_key: <%= Rails.application.credentials.dig(Rails.env.to_sym, :aws, :secret_access_key) %>
+  region: <%= Rails.application.credentials.dig(Rails.env.to_sym, :aws, :region) %>
+  bucket: <%= Rails.application.credentials.dig(Rails.env.to_sym, :aws, :bucket) %>
 
 # Remember not to checkin your GCS keyfile to a repository
 # google: