How should secret files be pushed to an EC2 (on AWS) Ruby on Rails application?

nikc asked:

How should secret files be pushed to an EC2 Ruby on Rails application using Amazon Web Services with their Elastic Beanstalk?

I add the files to a git repository, and I push to GitHub, but I want to keep my secret files out of the git repository. I'm deploying to AWS using:

git aws.push

The following files are in the .gitignore:


Following this link I attempted to add an S3 file to my deployment:

Quoting from that link:

Example Snippet

The following example downloads a zip file from an Amazon S3 bucket and unpacks it into /etc/myapp:


Following those directions I uploaded a file to an S3 bucket and added the following to a private.config file in the .elasticbeanstalk .ebextensions directory:


That config.tar.gz file will extract to:


However, when the application is deployed, the config.tar.gz file on the S3 host is never copied or extracted. I still receive errors that the database.yml couldn't be located, and the EC2 log has no record of the config file. Here is the error message:

Error message:
  No such file or directory - /var/app/current/config/database.yml
Exception class:
Application root:

My answer:

Smells like a typo.

The instructions you linked to say, in relevant part:

Customizing your AWS Elastic Beanstalk environment when you deploy your application requires two steps:

  1. Create a configuration file with the extension .config and place it in an .ebextensions top-level directory of your source bundle. You can have multiple configuration files in your .ebextensions directory. These files are executed in alphabetical order. For example, .ebextensions/01run.config is executed before .ebextensions/02do.config.

However, you said you placed the .config file in a .elasticbeanstalk directory. Try fixing the directory name.
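
The layout rule quoted in the answer can be checked against a source bundle before deploying. The following Python sketch is an added example, not part of the original question or answer; the function names, the constructed sample paths, and the use of a plain string sort to stand in for "alphabetical order" are assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

EXT_DIR = ".ebextensions"  # directory name required by the quoted instructions
# Constructed sample paths reproducing the mistake described in the question.
SAMPLE_PATHS = [".elasticbeanstalk/private.config", ".ebextensions/02do.config",
                ".ebextensions/01run.config", ".ebextensions/notes.txt",
                "config/application.rb"]


def audit_bundle(names):
    """Return (run_order, ignored) for the paths of a source bundle."""
    run_order, ignored = [], []
    for name in names:
        if name.endswith("/"):  # directory entry in a zip listing
            continue
        parts = PurePosixPath(name).parts
        is_config = name.endswith(".config")
        if len(parts) == 2 and parts[0] == EXT_DIR:
            if is_config:
                run_order.append(name)  # matches the quoted rule
            else:
                ignored.append((name, "extension is not .config"))
        elif is_config and any(p.startswith(".") for p in parts[:-1]):
            ignored.append((name, "not directly in top-level " + EXT_DIR))
    return sorted(run_order), sorted(ignored)  # plain string sort (assumption)


def audit_zip(zip_bytes):
    """Audit a source bundle supplied as zip archive bytes."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as bundle:
        return audit_bundle(bundle.namelist())


def sample_bundle():
    """Build the constructed sample bundle in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for path in SAMPLE_PATHS:
            archive.writestr(path, "")
    return buf.getvalue()


if __name__ == "__main__":
    order, ignored = audit_zip(sample_bundle())
    print("execution order:", order)
    for path, reason in ignored:
        print("ignored:", path, "-", reason)
```

A `.config` file that appears only in the ignored list, such as the one under `.elasticbeanstalk` here, is the situation the answer describes.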

View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.