Simplify Your Ruby Application Configuration with Figaro Gem

railsMarch 12, 2024Dotby Alkesh Ghorpade

Introduction

In web development, managing sensitive information like API keys, database credentials, and other configuration variables can be a daunting task. Hardcoding these values into your codebase poses security risks, making it challenging to maintain, especially in a collaborative environment. However, there's a solution – the Figaro gem.

What is the Figaro Gem?

The Figaro gem is a robust tool designed to simplify the management of environment variables in Ruby on Rails applications. Figaro provides an elegant solution for securely storing and accessing sensitive configuration data. By externalizing these variables from your codebase, Figaro enhances security, facilitates deployment, and promotes best practices in application development.

Inspired by the Twelve-Factor App

Figaro takes its core principles from the Twelve-Factor App methodology. This industry standard dictates that application configuration should be stored in environment variables (env vars). Env vars offer several advantages:

  • Easy to Modify:

    Changing configurations between deployments becomes a breeze; you don't need to touch any code.

  • Security:

    Since they're not stored in code repositories, there's less risk of accidentally committing sensitive data.

  • Universality:

    Env vars are a standard feature across different programming languages and operating systems, promoting flexibility.

Getting Started with Figaro

Now that we understand the significance of the Figaro gem let's dive into how you can incorporate it into your Ruby on Rails project.

Installation

Begin by adding the Figaro gem to your Gemfile and running bundle install to install the gem.

gem 'figaro'

You must execute the following command in your terminal to install and configure the gem.

$ bundle exec figaro install

This command creates a new config/application.yml file with comments to guide you and automatically adds it to your .gitignore file to prevent accidental version control.

Let's say you want to add AWS keys to your application.yml and access them in the AWS initializer. You need to do the following:

# config/application.yml

aws_access_key_id: 'ACCESS_KEY_ID'
aws_secret_access_key: 'SECRET_ACCESS_KEY'

# config/initializers/aws.rb

AWS.config(
  access_key_id: ENV['aws_access_key_id'],
  secret_access_key: ENV['aws_secret_access_key']
)

Environment based keys

Environment-based keys in Figaro allow developers to specify different configuration variables for different environments (e.g., development, test, production). This is particularly useful for managing credentials, API keys, and other sensitive information across various application development and deployment stages. Figaro provides a convenient way to organize and manage environment-specific keys, ensuring that the correct variables are loaded based on the current environment.

# config/application.yml

development:
  aws_access_key_id: 'DEVELOPMENT_ACCESS_KEY_ID'
  aws_secret_access_key: 'DEVELOPMENT_SECRET_ACCESS_KEY'

test:
  aws_access_key_id: 'DEVELOPMENT_ACCESS_KEY_ID'
  aws_secret_access_key: 'DEVELOPMENT_SECRET_ACCESS_KEY'

Instead of ENV, you can also use Figaro.env to access the keys. To access the aws_access_key_id, you can also use Figaro.env.aws_access_key_id.

Specify Mandatory keys

Some configuration values are essential for your application to function correctly. Suppose a required key is missing from your Figaro configuration. In that case, you can decide whether to raise an error immediately(proactively) or delay the error until the value is first accessed (lazily).

# config/initializers/figaro.rb

Figaro.require_keys("aws_access_key_id", "aws_secret_access_key")

Forgetting any of these configuration keys will trigger an error when your application starts. This proactive approach ensures proper configuration before anything breaks. Alternatively, Figaro offers lazy loading using bang methods.

# config/initializers/aws.rb

Figaro.env.aws_access_key_id!

Key Features and Benefits

  • Security:

    Hardcoding sensitive information directly into your source code is a security vulnerability. Figaro mitigates this risk by storing environment variables separately from your application code, making it harder for attackers to access sensitive data.

  • Simplified Configuration:

    Figaro simplifies the configuration process by allowing developers to define environment variables in a dedicated configuration file (application.yml by default). This file can then be securely shared with team members or stored in version control systems without exposing sensitive information.

  • Environment-specific Configuration:

    Figaro supports environment-specific configuration, enabling developers to define different sets of variables for development, testing, staging, and production environments. This flexibility ensures consistency across environments while accommodating specific requirements.

  • Easy Integration:

    Integrating Figaro into your Ruby on Rails application is seamless. With just a few simple steps, you can install the gem, generate the configuration file, and start using environment variables throughout your application.

  • Compatibility:

    Figaro is compatible with popular deployment platforms and hosting services, including Heroku, AWS, and Docker. Whether you're deploying to the cloud or managing your infrastructure locally, Figaro adapts to your environment effortlessly.

Conclusion

The Figaro gem revolutionizes how Ruby developers manage configuration variables in their applications. Figaro enhances security, promotes best practices, and simplifies deployment by externalising sensitive data from the codebase. Whether you're building a small-scale web application or a large-scale enterprise solution, integrating Figaro into your project is a wise investment in the security and maintainability of your codebase. Start leveraging the power of Figaro today and unlock a new level of simplicity in your Ruby on Rails development workflow. To know more about this gem, please refer to this link.

Closing Remark

Could your team use some help with topics like this and others covered by ShakaCode's blog and open source? We specialize in optimizing Rails applications, especially those with advanced JavaScript frontends, like React. We can also help you optimize your CI processes with lower costs and faster, more reliable tests. Scraping web data and lowering infrastructure costs are two other areas of specialization. Feel free to reach out to ShakaCode's CEO, Justin Gordon, at [email protected] or schedule an appointment to discuss how ShakaCode can help your project!
Are you looking for a software development partner who can
develop modern, high-performance web apps and sites?
See what we've doneArrow right