ruby-on-rails mailchimp api-key gibbon

Mailchimp keeps disabling my API key when I try to use a signup form in my Rails application


I am a noob at RoR, so forgive me if this is a stupid question.

I am trying to have a user subscription form in my simple app.

I basically followed this guide to get it to work

http://cheshireoctopus.github.io/blog/2014/01/23/mailchimp-plus-gibbon-plus-rails-create-a-basic-sign-up-form/

My code is working and I can sign up with the form; however, I keep getting email from Mailchimp telling me that my key has been compromised. Sometimes I get this email after I try to send some test subscription, other times I just get it after I change my API key again.

I wanted to reach out to you to let you know that we had to disable an active API Key in your MailChimp account with the account name MYACCOUNTNAME.

We were able to find your API Key posted publicly, which gives someone full access to your account. Since it's been disabled, we don't recommend re-enabling it. Instead, you'll need to generate a new API Key in your account.

Am I supposed to somehow encrypt my key or something? Btw, my app is on Heroku. So how do I stop my keys from being disabled?


Solution

  • You probably host your code on GitHub, and, as the repository is public, even Google robots can index it. Scammers can use your credentials as well.

    There is nothing bad about hosting a repository on GitHub, though. Just use environment variables instead of storing the credentials in the code.

    config/initializers/gibbon.rb:

    # ENV keys are strings; a Symbol key (ENV[:api_key]) raises TypeError
    Gibbon::API.api_key = ENV['api_key']
    

    To set the environment variable on Heroku:

    heroku config:set api_key=<your key>
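A check that complements the answer above, as an added example that is not part of the original answer or of Gibbon: a small Ruby scanner that flags hard-coded Mailchimp-style keys in source files before they are committed. The key pattern (32 hex characters, `-us`, a datacenter number), the function names and the sample key are assumptions made for this illustration.

```ruby
# Added example (not from the original answer): scan source text for
# hard-coded Mailchimp-style API keys so they never reach a public repo.
# Assumption: a key is 32 lowercase hex characters, "-us", and a datacenter number.
MAILCHIMP_KEY = /\b[0-9a-f]{32}-us\d{1,2}\b/

# Return [line_number, redacted_key] pairs for each key-shaped string in text.
def find_mailchimp_keys(text)
  hits = []
  text.each_line.with_index(1) do |line, lineno|
    line.scan(MAILCHIMP_KEY) do |key|
      # Redact so the scanner's own output does not leak the key again.
      hits << [lineno, "#{key[0, 4]}...#{key[32..-1]}"]
    end
  end
  hits
end

# Scan files on disk; returns { path => hits } for files that contain a key.
def scan_paths(paths)
  paths.each_with_object({}) do |path, found|
    next unless File.file?(path)
    hits = find_mailchimp_keys(File.binread(path))
    found[path] = hits unless hits.empty?
  end
end

# Constructed sample inputs (the key below is made up, not a real credential).
LEAKY_INITIALIZER = <<~RUBY
  # config/initializers/gibbon.rb
  Gibbon::API.api_key = '0123456789abcdef0123456789abcdef-us6'
RUBY
SAFE_INITIALIZER = <<~RUBY
  # config/initializers/gibbon.rb
  Gibbon::API.api_key = ENV['api_key']
RUBY

if __FILE__ == $PROGRAM_NAME
  # With file arguments (e.g. from a pre-commit hook) scan those files;
  # with none, show the result for the constructed sample.
  results = ARGV.empty? ? { 'sample' => find_mailchimp_keys(LEAKY_INITIALIZER) } : scan_paths(ARGV)
  results.each do |path, hits|
    hits.each { |lineno, key| warn "#{path}:#{lineno}: possible Mailchimp API key #{key}" }
  end
  exit 1 if !ARGV.empty? && results.any?
end
```

Moving the key into an environment variable does not remove it from earlier commits, so a key that was ever pushed still needs to be replaced with a newly generated one, as the Mailchimp email says.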