While working on redesigning this site’s UI I ended up finding other aspects to refactor. One of the reasons I made Commit Redux is to control this bad habit since each of these posts corresponds to a specific commit, otherwise I end up going on programming tangents to resolve unrelated albeit important things, but the time I spend on those adds up.

For a brief window of time during earlier development, I was handling authentication by comparing the form parameters submitted to the server with a hard-coded string in a conditional statement. Yeah, yeah, absolutely awful, but now I’m older and wiser and I’ll do it properly with environment variables.

First, I’ll be adding the .env file to my .gitignore and then creating it.

Sidenote: TextMate doesn’t show dotfiles by default, but focusing on the file browser panel and doing ⌥⌘i will show them.

Next, I’m installing the dotenv gem and requiring it at the top of my app.rb file (require 'dotenv/load') so I can load environment variables from a .env file in development instead of creating them in my ~/.zshrc config, which I’d done before to set the SESSION_SECRET variable 🤦🏻‍♂️.

Setting ENV variables in Dokku

To set environment variables for the Dokku container the syntax looks like this:

$ dokku config:set app-name VAR1="value1" VAR2="value2"

Executing the command will restart the container.

Lastly, I replaced the strings from the conditional with the environment variables and deployed these changes, so now authentication is just a tiny bit more secure :-)