Heroku
How to continuously sync your secrets with your Heroku application.
Brief about Heroku’s Config Variables
A single app always runs in multiple environments, including at least on your development machine and in production on Heroku. An open-source app might be deployed to hundreds of different environments.
Although these environments might all run the same code, they usually have environment-specific configurations. For example, an app’s staging and production environments might use different Amazon S3 buckets, meaning they also need different credentials for those buckets.
An app’s environment-specific configuration should be stored in environment variables (not in the app’s source code). This lets you modify each environment’s configuration in isolation, and prevents secure credentials from being stored in version control.
On a traditional host or when working locally, you often set environment variables in your .bashrc file. On Heroku, you use config vars.
Setup
- Go to integrations catalog in your envsecrets dashboard and choose “Heroku.”
- Complete the Oauth procedure that begins and grant access to all of your Heroku application to which you wish to sync your secrets.
Activation
- Go to the integrations dashboard in your envsecrets organisation and under “Heroku” choose “Sync New Environment With Your Heroku Account.”
- In the page that opens, select your envsecrets project, environment and your Heroku application where you wish to push/sync your secrets.
- Complete and save the form.
Usage
Platform
- Navigate to the environment for which you activated the integration.
- Click on the “Sync” button.
- Choose the Heroku application to which you want to sync your secrets.
- Approve the sync.
CLI
- Use the command:
envs sync --env [name-of-your-remote-environment]
- Choose the Heroku integration.
Once your secrets are synced, it is recommended you go to your Heroku application and validate the new values.
Policies about Heroku’s Config Variables
- Config var keys should use only alphanumeric characters and the underscore character (_) to ensure that they are accessible from all programming languages. Config var keys should not include the hyphen character.
- Config var data (the combination of all keys and values) cannot exceed 32kb for each app.
- Config var keys should not begin with a double underscore (__).
- A config var’s key should not begin with HEROKU_ unless it is set by the Heroku platform itself.
Add-ons and config vars
If you provision an add-on for your app, it usually adds one or more config vars to the app. The values of these config vars might be updated by the add-on provider at any time.