Safely storing API Keys and App Credentials in Ruby on Rails
Why secure the API keys?
Securing your keys protects your app from malicious people who could use them to make unnecessary requests, either spamming your API or making it hard for you to access your own services (especially when the endpoints have a daily cap).
Step 1: Install dotenv
To install dotenv, run this command in your terminal:
gem install dotenv
Then add the gem to your Gemfile and run bundle to install it:
# 1. In your Gemfile
gem 'dotenv-rails', groups: [:development, :test]
# 2. In your terminal
bundle
Step 2: Create a .env file in your root folder and add your credential variables
WEBHOOK_URL = "dfghjkliuytrsdfg"
Step 3: Add .env to .gitignore so that it doesn't get published to GitHub when you push your code and your key doesn't get exposed.
Step 4: To reference the credential in the app, use:
ENV["WEBHOOK_URL"]
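The check below is an added example, not part of the original post: it audits a project folder for steps 2 and 3, reporting when .env is not listed in .gitignore or when a required key is missing from .env. The function names, the REQUIRED_KEYS list and the temporary sample project are assumptions made for illustration, and the .gitignore match only recognises a few literal patterns.

```ruby
require "tmpdir"

# Keys the app expects (assumed list); WEBHOOK_URL is the variable from this post.
REQUIRED_KEYS = %w[WEBHOOK_URL].freeze

# Parse simple KEY=value lines (optional spaces and quotes), skipping comments.
def parse_env_file(path)
  return {} unless File.file?(path)
  File.readlines(path, chomp: true).each_with_object({}) do |line, vars|
    next if line.strip.empty? || line.strip.start_with?("#")
    key, value = line.split("=", 2)
    next if value.nil?
    vars[key.strip] = value.strip.gsub(/\A["']|["']\z/, "")
  end
end

# True when .gitignore contains a literal line that ignores the .env file.
# Simplified on purpose: negations and other glob forms are not evaluated.
def env_ignored?(root)
  path = File.join(root, ".gitignore")
  return false unless File.file?(path)
  patterns = [".env", "/.env", ".env*"]
  File.readlines(path, chomp: true).map(&:strip).any? { |l| patterns.include?(l) }
end

# Returns a list of problems; an empty list means steps 2 and 3 are in place.
def audit_env_setup(root, required = REQUIRED_KEYS)
  problems = []
  problems << ".env is not listed in .gitignore" unless env_ignored?(root)
  vars = parse_env_file(File.join(root, ".env"))
  required.each do |key|
    problems << "#{key} is missing or empty in .env" if vars[key].to_s.empty?
  end
  problems
end

# Constructed sample project: .env exists, but .gitignore forgets it at first.
def demo
  Dir.mktmpdir do |root|
    File.write(File.join(root, ".env"), %(WEBHOOK_URL = "dfghjkliuytrsdfg"\n))
    File.write(File.join(root, ".gitignore"), "/log\n/tmp\n")
    before = audit_env_setup(root)
    File.write(File.join(root, ".gitignore"), "/log\n/tmp\n.env\n")
    [before, audit_env_setup(root)]
  end
end

if __FILE__ == $PROGRAM_NAME
  before, after = demo
  puts "before: #{before.inspect}", "after: #{after.inspect}"
end
```

Inside a real repository, git check-ignore -q .env gives the authoritative answer on whether the file is ignored.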