This is a continuation from the previous article (https://qiita.com/ysda/items/49fa6e8318c874a57b9e).
To prevent the AWS key from being leaked, set the contents of the key in an environment variable. If you don't know the environment variables, google to find out!
There was a description such as [: access_key_id] and [: secret_access_key] in carrierwave.rb. This is where the preset keys are entered and in Rails 5.2 they are managed in a file called "credentials.yml.enc".
Now let's open credentials.yml.enc in an editor. You should see the encrypted string as shown below.
Set this so that VS Code can be started from the terminal. In VSCode, press Command + Shift + P at the same time to open the command palette. Then enter "shell". In the menu, the item "Install'code' command in PATH" is displayed. Click it. By doing this, you will be able to start VS Code by typing "code" from the terminal.
Now, let's execute the following command from the terminal. The decrypted credentials.yml.enc should be visible in VS Code and editable.
% EDITOR='code --wait' rails credentials:edit
Let's edit the AWS access_key_id and secret_access_key as follows.
credentials.yml.enc decrypts with a file called master.key. However, placing master.key in a production environment poses a security issue. Therefore, let's set the contents of master.key in the environment variable of the production environment.
Log in to your EC2 instance and open the file that sets the environment variables.
sudo vim /etc/environment
Copy the value of "config / master.key" in your local development environment and set it to RAILS_MASTER_KEY in your production environment.
Now that you have set the environment variables, log back in to your EC2 instance and check the environment variables with the following command.
env | grep RAILS_MASTER_KEY
The flow of referencing environment variables is as follows.
With the previous article and the above settings, you should be able to upload images to S3! Perhaps! that's all!