Does anyone know how I can get the credentials of the logged user in a heroku dyno?
Context: We are trying to log access to Heroku production rails console. People access it via heroku run or heroku exec. Heroku does authenticate the users executed the command, however, I'm unable to retrieve this information once the rails console is started.
It looks like heroku cli is not available in the dyno, and whoami returns dyno.
Eg:
$ heroku run rails c -a opt-prod
<in rails console>
irb(main):001:0> ENV
irb(main):001:0> `whoami`
We contacted Heroku and there is no option to do this. Instead,
A running dyno doesn't contain information on the user that started the process, so there's no way to get the "current user" from inside a dyno on Heroku.
However, one idea for a workaround is to grab the current Heroku CLI user and sends it along with the console command when starting. Something like this will work:
CURRENT_HEROKU_USER="$CURRENT_HEROKU_USER" rails c --app my-app-name > Running CURRENT_HEROKU_USER=chap@heroku.com rails c... ENV['CURRENT_HEROKU_USER'] > "chap@heroku.com"The downside of this approach is there's no way to validate that value from inside the dyno. However you could use your application logs to retroactively verify the info. The API will log the user who started the console process in your application logs:
CURRENT_HEROKU_USER=chap@heroku.com rails c by user chap@heroku.comI'm sorry we don't have a better answer for you here.
Please let me know if I can be of more help.