![]() ![]() Credentials provides an easy way to encrypt and store configurations along with the application code itself. One such feature that focuses on the security of your applications is credentials, which was introduced in Rails 5.2. ![]() Upgrades have fewer breaking changes, several new features like multi DB, encrypted attributes are built keeping large applications in mind, ones that require scale with security at its core. Ruby on Rails has matured in recent times. The impact of this would also be huge as we can’t risk exposing production configurations. The encryption process was manual and there is always a risk of human error while pushing these secret configurations.It is hard to view these configurations locally while editing since we store them in Encrypted JSON files.Depending on another repository for storing these configurations made it difficult while adding new changes.We had to make special adjustments to accommodate the config generation step during the deployment. Our application containers run in a “read-only” mode.However, there were a few drawbacks to this approach: These encrypted configurations were then decrypted during runtime to generate the said YML files specific to the environment / POD. The configurations were encrypted and stored in ejson (Encrypted JSON) files and added to a repository used for orchestration and deployment. The application loads these configurations through YML files and assigns them to top-level constants for easy access. Configurations pushed to remote repositories will be present in commit logs even if the changes are reverted. These configurations must not be checked into source control in plain text to avoid security breaches. ![]() To interact with these third party services securely, the app needs to maintain a list of configurations such as API keys, tokens, passwords, endpoints, and so on. These services include a lot of internal platforms, microservices and external integrations. Freshservice is a large application that interacts with a variety of third party services. Freshservice and its microservices use Nginx and passenger-backed servers hosted on four data centers – US East (US), Europe Central (EUC), India (IND), and Australia (AU). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |