Figaro Gem Explained


When I was starting out on Rails I saw Figaro, but I didn’t understand what it is or what it does: why does it exist? This article will hopefully provide a simple explanation to that question.

What does it do? And why does it exist?

Typically, your Rails application needs information that must be kept secret (e.g. your email password) in order to work properly. For example, if you want your app to send users a welcome message from your Gmail inbox, how are you going to do that? Your Rails app needs confidential information that you don’t want anyone else to know.

One option (which is a bit of a security risk) is to keep your password in a separate file in your Rails app. If you add that file to git and push it to GitHub, then the whole world can read it if you have made your project ‘public’. Even if you have made your project ‘private’ so that no one else on GitHub can read it, it’s still a security risk.

So what you do is put all your passwords in a file and DO NOT store that file in git. Whenever your app needs those secret credentials, it retrieves them from the secret file stored in your app. When you want to deploy your app, you can secretly and securely communicate those credentials to Heroku, so that everything will (hopefully) just work.
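An added example, not code from the original article or from the Figaro project: a small Ruby sketch of the workflow described above, where secrets live in a YAML file that is kept out of git and are copied into the environment at boot. The path `config/application.yml` follows Figaro's convention; the method names `load_secrets` and `git_ignored?` and all credential values are hypothetical and constructed for illustration.

```ruby
require "yaml"
require "tmpdir"

# Simplified stand-in for a loader like Figaro (not Figaro's own code):
# copy values from a git-ignored YAML file into the environment. Top-level
# keys apply everywhere; a section named after the environment overrides them.
def load_secrets(path, environment, env = ENV)
  config = YAML.safe_load(File.read(path)) || {}
  shared = config.reject { |_, v| v.is_a?(Hash) }
  scoped = config[environment].is_a?(Hash) ? config[environment] : {}
  shared.merge(scoped).each do |key, value|
    # In this sketch, values already set on the host (e.g. Heroku) win.
    env[key] = value.to_s unless env.key?(key)
  end
  env
end

# True when the secrets file is listed in .gitignore, so it cannot be
# committed by accident. Only exact path entries are matched, not globs.
def git_ignored?(repo_root, relative_path)
  gitignore = File.join(repo_root, ".gitignore")
  return false unless File.exist?(gitignore)
  File.readlines(gitignore, chomp: true).map(&:strip)
      .any? { |line| [relative_path, "/#{relative_path}"].include?(line) }
end

# Constructed sample project with placeholder values, not real credentials.
def demo
  Dir.mktmpdir do |root|
    Dir.mkdir(File.join(root, "config"))
    secrets = File.join(root, "config", "application.yml")
    File.write(secrets, <<~YAML)
      GMAIL_USERNAME: app@example.com
      GMAIL_PASSWORD: dev-placeholder
      production:
        GMAIL_PASSWORD: prod-placeholder
    YAML
    File.write(File.join(root, ".gitignore"), "/log/*\n/config/application.yml\n")
    host_env = { "GMAIL_USERNAME" => "set-on-host@example.com" }
    env = load_secrets(secrets, "production", host_env)
    { ignored: git_ignored?(root, "config/application.yml"), env: env }
  end
end

result = demo
puts "secrets file ignored by git: #{result[:ignored]}"
puts "GMAIL_PASSWORD resolves to: #{result[:env]['GMAIL_PASSWORD']}"
```

Running the `git_ignored?` check in CI or a pre-commit hook catches the case where the secrets file was created but never added to `.gitignore`.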

Summary

Figaro allows you to keep your secrets on the local machine where you are developing your Rails app, protects you when you share your Rails app with the public (so that you are not also sharing your secrets), and lets you easily communicate those secrets to Heroku and store them there.

Written on April 11, 2018