Rader on Rails

Dispatches from my web development journey.

My First App Deploy to DigitalOcean (Be Aware of Secrets.yml)

I’ve developed a lot of respect for dev ops over the last couple days. In my beginning developer days, I was, of course, introduced to Heroku, as their platform makes it incredibly easy to deploy your app online. While Heroku is great, if you’ve got an application that sees a lot of traffic and requires a few worker dynos, you’ll be surprised at how quickly the price jumps from free to less affordable.

At DevShop, we use DigitalOcean, a more developer-friendly and less expensive choice for deploying your web app.

Deploying to DigitalOcean is a little more involved than what I’m used to. While the process gets quicker the more you do it, there are about 40 unique steps involved.

I’ve been battling with an internal server error over the past couple days while trying to deploy my first app to Digital Ocean, and it turned out the bug was very simple fix that had to do with a new addition to Rails: the secrets.yml file.

In Rails 4.1, all apps come with a secrets.yml file, a convenient file for storing all your sensitive environment information, such as API keys, as well as the secret token Rails uses to protect session variables. In previous versions, this was handled by the secret_token.rb file in the initializers folder. In the new secrets.yml file, your production secret key is not automatically generated. I didn’t understand why my app wasn’t appearing on the production site until I viewed the Apache logs that led me to the discovery.

The moral of this story is – be aware of what version of Rails you’re installing, and make sure you read up on all the changes made.

A little more on secrets.yml

For previous Rails apps, I used the figaro gem to store application secrets. With secrets.yml, it would at first seem that there’s little need for the figaro gem. There are a few important things to consider when comparing the new Rails convention for storing secrets and figaro, which the creator of figaro, Steve Richert, outlines nicely here. One of the main drawbacks to secrets.yml that Steve outlines is that it doesn’t use ENV, so secrets.yml needs to be installed on every application server. Figaro nicely merged the secrets set into the application’s env vars, making it easy to use for deployment. Also, secrets.yml is not automatically added to your .gitignore file, which figaro handles for you.

This new Rails convention will likely continue to improve in future releases, so it’s worth keeping an eye on.