Securing Amazon Access Keys in a Rails App

Justyna Kuchta
Published in The Startup
3 min read, Aug 16, 2020


I’ve recently added AWS S3 storage capability to my Rails Backend. Users can upload profile pictures that are then stored in an S3 bucket.

If you are interested in finding out more about how to implement such a photo (or any file, really) upload feature in your React app, I suggest you refer to one of my older posts about cropping and uploading images in a React app using react-image-crop.

The files are actually uploaded from my React single-page application and then turned into blobs in my Rails API.

A blob is a record that contains the metadata about a file and a key for where that file resides on the service.

I decided to store my development keys in the credentials.yml.enc file.

It is crucial to know that this file is never meant to be updated directly: you cannot simply open it, add secret keys, and then save it.

It doesn’t actually hold our keys in plain text but rather an encrypted version of them, which Rails encrypts and decrypts with the help of the master.key file that we can also see in the same folder.
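A quick repository check built on the two points above (the file is never edited by hand, and it does not hold the keys themselves), as an added example that is not from the original post. The names `audit_rails_secrets` and `build_sample_app` are hypothetical, the three-field shape of the file and the `.gitignore` rules are assumptions, and the sample app is constructed.

```ruby
require "tmpdir"
require "fileutils"

# Assumption: Rails writes credentials.yml.enc as three Base64 fields joined by "--".
ENCRYPTED_SHAPE = %r{\A[A-Za-z0-9+/=]+--[A-Za-z0-9+/=]+--[A-Za-z0-9+/=]+\s*\z}
# AWS access key IDs are 20 characters starting with AKIA (long-term) or ASIA (temporary).
AWS_KEY_ID = /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/
# Simplified: literal ignore rules only (assumed Rails defaults), no gitignore globbing.
KEY_IGNORE_RULES = ["/config/master.key", "config/master.key", "/config/*.key"].freeze

# Returns a list of findings (strings) for the Rails app rooted at +root+.
def audit_rails_secrets(root)
  findings = []
  enc = File.join(root, "config", "credentials.yml.enc")
  if File.exist?(enc) && File.read(enc) !~ ENCRYPTED_SHAPE
    findings << "config/credentials.yml.enc is not ciphertext (edited by hand?)"
  end
  ignore = File.join(root, ".gitignore")
  rules = File.exist?(ignore) ? File.readlines(ignore, chomp: true).map(&:strip) : []
  if File.exist?(File.join(root, "config", "master.key")) && (rules & KEY_IGNORE_RULES).empty?
    findings << "config/master.key exists but is not listed in .gitignore"
  end
  # Plaintext key IDs in source or config mean the keys bypassed the encrypted file.
  Dir.glob(File.join(root, "{config,app,lib}", "**", "*.{rb,yml,yaml,env,json}")).sort.each do |path|
    File.foreach(path).with_index(1) do |line, n|
      next unless line.scrub =~ AWS_KEY_ID
      findings << "#{path.delete_prefix(root + "/")}:#{n} contains an AWS access key ID"
    end
  end
  findings
end

# Constructed sample app layout, for demonstration only.
def build_sample_app(dir, enc_body:, gitignore:, storage_yml:)
  FileUtils.mkdir_p(File.join(dir, "config"))
  File.write(File.join(dir, "config", "credentials.yml.enc"), enc_body)
  File.write(File.join(dir, "config", "master.key"), "0" * 32) # placeholder, not a real key
  File.write(File.join(dir, ".gitignore"), gitignore)
  File.write(File.join(dir, "config", "storage.yml"), storage_yml)
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    # AKIAIOSFODNN7EXAMPLE is the example key ID from AWS documentation.
    leaked = "amazon:\n  access_key_id: AKIAIOSFODNN7EXAMPLE\n"
    build_sample_app(dir, enc_body: leaked, gitignore: "/log/*\n", storage_yml: leaked)
    puts audit_rails_secrets(dir)
  end
end
```

Run it against a real app by calling `audit_rails_secrets(Dir.pwd)` from the project root, for example in a pre-commit hook or CI step.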

To let Rails do its magic, all we need is the following command:
