Protecting APIs keys on Git-hosted Ruby project

Question

I'm not really sure where to start with this. I'm making a Ruby project that interfaces with a dictionary API, and uses an API key. I don't want anybody and his uncle to be able to see this key, but the project will have to be hosted on GitHub. How can I go about doing this, and accessing the key from the Ruby program?

Clarification: this is for a class, and we have to use GitHub

Answer 1

Use the Figaro gem. Documentation

Basically you will use a file called application.yml and store environmental variables. Double check that application.yml is listed in your .gitignore file so nobody can view it on github.

You could set:

# application.yml
API_KEY: my_api_key_here

And then you could set it to another variable in your app with:

# anywhere in your app
api_key = ENV['API_KEY']

For production, you can use Figaro's commands to sync your env variables with Heroku.

Answer 2

Normally, you'd put such things in a file like this:

DICTIONARY_API=key_goes_here

and check in a version of the file (named .example or .sample or something) which just contains blanks:

DICTIONARY_API=

Or you could read the key from the environment, using ENV. If you host on Heroku, this is recommended. See also the Dotenv gem and the ENVied gem.

I've seen both methods combined (especially when using Dotenv) by making a .env file for local/non-heroku usage, and using Heroku's config settings on Heroku.