I am using Heroku with RoR and Puma for my webserver. I am not using a custom domain (myapp.herokuapp.com). I want to add SSL support. Should I add the certificate to my repo and commit it with the config/puma.rb file that refers to them? It seems insecure to have my certificate in git.
Based on this I need to add a line like this:
bind 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert'
If you aren't using a custom domain you can piggy back on heroku's certificate.
Basically you can just run
heroku addons:add ssl:piggyback
If you decide to start using a custom domain and want to use your own certificate then you need to use the ssl-endpoint add on. It's fine to commit your certificate to source control IMO. So long as it's not a public repository.