Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

heroku_config_vars

Package Overview
Dependencies
Maintainers
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

heroku_config_vars

  • 1.1.0
  • Rubygems
  • Socket score
Version published
Maintainers
1
Created
Source

HerokuConfigVars

Gem Version Build Status Code Climate Coverage Status Dependency Status

This engine allows you to manage Heroku configuration variables from within your application.

Installation into your application

  1. Add gem 'heroku_config_vars' to your Gemfile
  2. Add mount HerokuConfigVars::Engine => "/heroku_config_vars" to your routes.rb
  3. Implement the method :heroku_config_vars_authorized? on your ApplicationController. (See Customization)
  4. To make authorization easy, this engine inherits from your ApplicationController. This means that you may have to change named routes to be more specific, otherwise the url_helper will raise a ActionController::RoutingError. e.g.
 class ApplicationController < ActionController::Base
     before_filter :authenticate

     def authenticate
-      redirect_to new_session_path unless logged_in?
+      redirect_to main_app.new_session_path unless logged_in?
     end
 end

Security

HerokuConfigVars aims to be secure by default.

  • Every request needs to be authorized by your application.
  • Non SSL requests are confirmed by the user before they're loaded.

That said, this engine will open up another vector for your (potentially sensitive) application configuration to be accessed.

Setup

  1. (Test it works in development)
  2. Deploy your app to Heroku
  3. Visit /heroku_config_vars
  4. Enter valid Heroku credentials for your application. These are stored in the Heroku configuration for this application so you don't need to enter them again.

Usage

With this engine you can:

  • View the complete ruby ENV hash
  • View the Heroku configuration
  • Update, add and delete Heroku configuration variables

Customization

You can change the path to the engine by changing the line in your routes.rb

# config/routes.rb
mount HerokuConfigVars::Engine => "/whatever_path_you_like"`

You can also change the name of the authorization method to call on ApplicationController. You may wish to do this if you already have an appropriate authorization method defined. e.g.

# config/initializers/heroku_config_vars.rb
HerokuConfigVars.authorization_method = :admin_logged_in?

A typical implementation of this method might look like:

class ApplicationController < ActionController::Base
  ...
  def heroku_config_vars_authorized?
    current_user && current_user.admin?
  end
  ...
end

FAQs

Package last updated on 23 Jan 2014

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Risky Business Podcast: Why Open Source Software Needs Better Malware Tracking

Security News

Risky Business Podcast: Why Open Source Software Needs Better Malware Tracking

In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.

By Sarah Gooding  -  Nov 20, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc