user2911232

Where do I place Stripe's publishable and secret keys?

I work in a development environment.

I have a stripe.rb file under /config/initializers whose contents are:

Rails.configuration.stripe = {
  :publishable_key => ENV['PUBLISHABLE_KEY'],
  :secret_key      => ENV['SECRET_KEY']
}

Stripe.api_key = Rails.configuration.stripe[:secret_key]

I tried to place them there (in the ENV['key-here']) but Stripe doesn't recognise them and returns an error.

To make it work, I pass them before launching my Rails server like this:

PUBLISHABLE_KEY=pk_test_XXXXXXXXXXXXX SECRET_KEY=sk_test_XXXXXXXXXXXX rails s

Where do I place these values in my Rails app? (as I will soon deploy in production)

Thanks

Upvotes: 5

Views: 3814

Answers (1)

Martin

Reputation: 7714

Where do I place these values in my Rails app?

You don't.

You don't want those to be in your source code, as anyone with access to your source code could then access your Stripe account (and start making your customer pay...).

They should be in your environment variables on the server. If this looks inconvenient to you, you can take a look at figaro, which is made to help you with sensitive information.

Be careful: if your yml file is not written by you (e.g., if some content is injected), it has some safety risk (someone could inject malicious code there). You can use safe_yml to prevent that kind of risk.

Finally, if you are deploying on Heroku, you can configure variables there which will be available to your application.

Upvotes: 6
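
An added example, not part of the question or the answer above: one way an initializer can read the keys from the environment and fail at boot if they are missing, swapped, or live keys outside production. It assumes the PUBLISHABLE_KEY / SECRET_KEY variable names from the question; load_stripe_keys, mask and StripeKeyError are hypothetical helpers, and the sample values are constructed.

```ruby
# Added example: validate Stripe keys read from the environment before use.
# load_stripe_keys, mask and StripeKeyError are hypothetical names, not part
# of Rails or the Stripe gem.

class StripeKeyError < StandardError; end

# Show only the key's prefix so it can be identified in logs without leaking it.
def mask(key)
  key.to_s[/\A[a-z]+_(?:test|live)_/].to_s + "****"
end

# env is any Hash-like object (pass ENV in a real initializer).
def load_stripe_keys(env, rails_env)
  pub = env.fetch("PUBLISHABLE_KEY") { raise StripeKeyError, "PUBLISHABLE_KEY is not set" }
  sec = env.fetch("SECRET_KEY")      { raise StripeKeyError, "SECRET_KEY is not set" }

  # A secret key in the publishable slot would be sent to every browser.
  unless pub.start_with?("pk_test_", "pk_live_")
    raise StripeKeyError, "PUBLISHABLE_KEY must start with pk_ (got #{mask(pub)})"
  end
  unless sec.start_with?("sk_test_", "sk_live_")
    raise StripeKeyError, "SECRET_KEY must start with sk_ (got #{mask(sec)})"
  end

  # Both keys must come from the same mode, and live mode only in production.
  live = [pub, sec].map { |k| k.split("_")[1] == "live" }
  raise StripeKeyError, "test and live keys are mixed" if live.uniq.size > 1
  if live.first && rails_env != "production"
    raise StripeKeyError, "live keys refused in #{rails_env}"
  end

  { publishable_key: pub, secret_key: sec }.freeze
end

# Constructed sample values, not real keys.
SAMPLE_ENV = { "PUBLISHABLE_KEY" => "pk_test_EXAMPLE", "SECRET_KEY" => "sk_test_EXAMPLE" }.freeze

if __FILE__ == $PROGRAM_NAME
  cfg = load_stripe_keys(SAMPLE_ENV, "development")
  puts "loaded #{mask(cfg[:publishable_key])} / #{mask(cfg[:secret_key])}"
end
```

In config/initializers/stripe.rb this would be called as load_stripe_keys(ENV, Rails.env), with the result assigned to Rails.configuration.stripe as in the question.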
