How should secret files be pushed to an EC2 (on AWS) Ruby on Rails application?

nikc asked:

How should secret files be pushed to an EC2 Ruby on Rails application using amazon web services with their elastic beanstalk?

I add the files to a git repository, and I push to github, but I want to keep my secret files out of the git repository. I’m deploying to aws using:

git aws.push

The following files are in the .gitignore:

/config/database.yml
/config/initializers/omniauth.rb
/config/initializers/secret_token.rb

Following this link I attempted to add an S3 file to my deployment:
http://docs.amazonwebservices.com/elasticbeanstalk/latest/dg/customize-containers.html

Quoting from that link:

Example Snippet

The following example downloads a zip file from an Amazon S3 bucket and unpacks it into /etc/myapp:

sources:  
    /etc/myapp: http://s3.amazonaws.com/mybucket/myobject 

Following those directions I uploaded a file to an S3 bucket and added the following to a private.config file in the .elasticbeanstalk .ebextensions directory:

sources:
  /var/app/current/: https://s3.amazonaws.com/mybucket/config.tar.gz

That config.tar.gz file will extract to:

/config/database.yml
/config/initializers/omniauth.rb
/config/initializers/secret_token.rb

However, when the application is deployed the config.tar.gz file on the S3 host is never copied or extracted. I still receive errors that the database.yml couldn’t be located and the EC2 log has no record of the config file, here is the error message:

Error message:
  No such file or directory - /var/app/current/config/database.yml
Exception class:
  Errno::ENOENT
Application root:
  /var/app/current

My answer:


Smells like a typo.

The instructions you linked to say, in relevant part:

Customizing your AWS Elastic Beanstalk environment when you deploy your application requires two steps:

  1. Create a configuration file with the extension .config and place it in an .ebextensions top-level directory of your source bundle. You can have multiple configuration files in your .ebextensions directory. These files are executed in alphabetical order. For example, .ebextensions/01run.config is executed before .ebextensions/02do.config.

However, you said you placed the .config file in a .elasticbeanstalk directory. Try fixing the directory name.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.