Use Rails Credentials mechanism for client secrets #206

@xeruf

Desired Behavior

Use the rails credentials mechanism (https://web-crunch.com/posts/the-complete-guide-to-ruby-on-rails-encrypted-credentials) to load credentials by default (maybe secondary to env variables), and encourage configuration via rails credentials:edit [--environment=ENV].

Something like:

    paypal:
      client_id: XX
      client_secret: YYYY

This also eases putting in separate credentials for development and production.

(Optional) Current Behavior
As a developer inexperienced in Ruby on Rails, I did not know how to securely store my credentials, so they ended up in the commit history.
This case can quickly happen when following the current README instructions.

Workaround
This is what I do now, after arduously pruning my commit history and having learned the proper way:

    'paypal_commerce_platform_credentials', {
      test_mode: !Rails.env.production?,
      client_id: ENV['PAYPAL_CLIENT_ID'] || Rails.application.credentials.dig(:paypal, :client_id),
      client_secret: ENV['PAYPAL_CLIENT_SECRET'] || Rails.application.credentials.dig(:paypal, :client_secret),
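
The ENV-first, credentials-second lookup from the workaround, as an added example that is not part of the original issue or the project's code. It treats a blank environment variable as unset (an empty string is truthy in Ruby, so `ENV['X'] || fallback` would keep it) and fails with an error that names the setting but never the value. `resolve_secret`, `paypal_preferences`, `MissingSecret` and the sample hashes are hypothetical names; in an app you would pass `ENV` and `Rails.application.credentials`.

```ruby
# Added example: plain Ruby, no Rails needed to run it.
MissingSecret = Class.new(StandardError)

# Returns [value, source]. The environment wins only when it holds a
# non-blank string; otherwise the credentials store is consulted.
def resolve_secret(env, credentials, env_key, *path)
  from_env = env[env_key].to_s.strip
  return [from_env, :env] unless from_env.empty?

  from_store = credentials.dig(*path).to_s.strip
  return [from_store, :credentials] unless from_store.empty?

  # Name the setting, never a value, so the message is safe to log.
  raise MissingSecret, "set #{env_key} or credentials key #{path.join('.')}"
end

# Builds the preference values plus a record of where each one came from.
def paypal_preferences(env, credentials, production:)
  id, id_src = resolve_secret(env, credentials, 'PAYPAL_CLIENT_ID', :paypal, :client_id)
  secret, secret_src = resolve_secret(env, credentials, 'PAYPAL_CLIENT_SECRET', :paypal, :client_secret)
  {
    preferences: { test_mode: !production, client_id: id, client_secret: secret },
    sources: { client_id: id_src, client_secret: secret_src } # safe to log
  }
end

# Constructed sample data (placeholders, not real credentials).
SAMPLE_CREDENTIALS = { paypal: { client_id: 'dev-id', client_secret: 'dev-secret' } }.freeze
SAMPLE_ENV = { 'PAYPAL_CLIENT_ID' => 'env-id', 'PAYPAL_CLIENT_SECRET' => '' }.freeze

if __FILE__ == $PROGRAM_NAME
  result = paypal_preferences(SAMPLE_ENV, SAMPLE_CREDENTIALS, production: false)
  puts result[:sources].inspect
end
```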

Labels: enhancement
