GCloud Rails application and keeping Redis password in an .env file

I have a Rails 5.2.3 (Ruby 2.6.3) project hosted on Google Cloud.

I'm currently working on setting up Sidekiq and Redis, following this guide from Google's docs.

I've decided to go with the foreman option in the Deploying to App Engine flexible environment section of the docs, and am stuck on figuring out the app.yaml file. Specifically, I'm stuck on how I can supply the Redis URL, Redis password and Rails Secret Key without exposing it in plaintext in my git history.

I can't find info about this anywhere on the GCloud site. The only mention of ENV files I found are these pages of the GCloud docs, but these only make it so that I can specify specific ENV variables to make available to my app on GCloud, which isn't applicable to me in this situation.

Is there any way for me to have the app.yaml file read from my .env, or even better, from my secrets.yaml file?

1 answer

  • answered 2021-06-18 13:48 Sensanaty

    I actually realized today that I misinterpreted the docs, although Google didn't do a great job in the first place with making this clearer.

    If you look at the docs I referenced in my OP, they do clarify that the environment_variables simply enables you to pass ENV variables into the app via the app.yaml file. I don't actually need to supply this section from the docs

    env_variables:
      REDIS_URL: redis://[REDIS_IP_ADDRESS]:6379
      REDIS_PASSWORD: [PASSWORD]
      SECRET_KEY_BASE: [SECRET_KEY]
    

    The above can simply be provided in the sidekiq.rb initializer with an .env or credentials.yml file instead, keeping things secure.

    # initializers/sidekiq.rb
    
    Sidekiq.configure_server do |config|
      Rails.env.production? ?
        config.redis = { url: Rails.application.credentials.redis_url,
                         password: Rails.application.credentials.redis_password
        } :
        config.redis = { url: 'redis://localhost:6379/1' }
    end
    
    Sidekiq.configure_client do |config|
      Rails.env.production? ?
        config.redis = { url: Rails.application.credentials.redis_url,
                         password: Rails.application.credentials.redis_password
        } :
        config.redis = { url: 'redis://localhost:6379/1' }
    end
    

    I've pushed up a PR to the Docs to make this option clearer to future users.