Amazon access key showing in URL for Carrierwave and Fog

Posted by kcurtin on Stack Overflow
Published on 2012-03-18T17:59:45Z

I just switched from storing my images uploaded via Carrierwave locally to using Amazon S3 via the fog gem in my Rails 3.1 app. While images are being added, when I click on an image in my application, the URL is providing my access key and a signature. Here is a sample URL (XXX replaced the string with the info):

https://s3.amazonaws.com/bucketname/uploads/photo/image/2/IMG_4842.jpg?AWSAccessKeyId=XXX&Signature=XXX%3D&Expires=1332093418

This is happening in development (localhost:3000) and when I am using Heroku for production. Here is my uploader:

class ImageUploader < CarrierWave::Uploader::Base
  include CarrierWave::RMagick
  storage :fog

  def store_dir
    "uploads/#{model.class.to_s.underscore}/#{mounted_as}/#{model.id}"
  end

  process :convert => :jpg
  process :resize_to_limit => [640, 640]

  version :thumb do
    process :convert => :jpg
    process :resize_to_fill => [280, 205]
  end

  version :avatar do
    process :convert => :jpg
    process :resize_to_fill => [120, 120]
  end
end

And my config/initializers/fog.rb:

CarrierWave.configure do |config|
  config.fog_credentials = {
    :provider              => 'AWS',
    :aws_access_key_id     => 'XXX',
    :aws_secret_access_key => 'XXX',
  }
  config.fog_directory = 'bucketname'
  config.fog_public    = false
end

Anyone know how to make sure this information isn't available?
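
With `fog_public = false`, as in the initializer above, CarrierWave hands out time-limited signed URLs for private objects. The following is an added example, not part of the original post and not CarrierWave or fog code: it implements S3 version 2 query-string signing to show that such a URL carries the access key ID (an identifier) and an HMAC, never the secret key, and that it is rejected once expired or altered. The credentials are constructed and the function names are hypothetical.

```ruby
require 'openssl'
require 'base64'
require 'uri'

# Constructed sample credentials (not real, not from the original post).
ACCESS_KEY_ID = 'AKIDEXAMPLEONLY'
SECRET_KEY    = 'constructed-secret-that-stays-on-the-server'

# S3 query-string authentication, signature version 2: an HMAC-SHA1 over the
# verb, expiry time and resource path, keyed with the secret access key.
def s3_signature(secret, path, expires)
  string_to_sign = "GET\n\n\n#{expires}\n#{path}"
  Base64.strict_encode64(OpenSSL::HMAC.digest('sha1', secret, string_to_sign))
end

# Build a path-style URL of the same shape as the one in the question.
def signed_url(bucket, key, expires)
  path = "/#{bucket}/#{key}"
  sig  = URI.encode_www_form_component(s3_signature(SECRET_KEY, path, expires))
  "https://s3.amazonaws.com#{path}?AWSAccessKeyId=#{ACCESS_KEY_ID}" \
    "&Signature=#{sig}&Expires=#{expires}"
end

# Constant-time comparison so the check does not leak how many bytes matched.
def same_bytes?(a, b)
  a.bytesize == b.bytesize &&
    a.bytes.zip(b.bytes).reduce(0) { |diff, (x, y)| diff | (x ^ y) }.zero?
end

# Simplified model of the service-side check: find the secret for the key id,
# recompute the HMAC, and refuse expired or modified requests.
def accepted?(url, now)
  uri     = URI.parse(url)
  params  = URI.decode_www_form(uri.query).to_h
  expires = params['Expires'].to_i
  return false if now > expires
  return false unless params['AWSAccessKeyId'] == ACCESS_KEY_ID
  same_bytes?(s3_signature(SECRET_KEY, uri.path, expires), params['Signature'].to_s)
end
```

Changing the object path or the `Expires` value invalidates the signature, so a leaked URL grants read access to that one object only until it expires.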
