Ruby on Rails Active Storage AWS, GCP, and Azure config

In this Ruby on Rails tutorial, we are going to configure Ruby on Rails Active Storage module to work with

• Google Cloud Platform,
• Amazon AWS S3 Buckets,
• Microsoft Azure Cloud.

Let us learn more about Ruby on Rails Active Storage setup...

What is Ruby on Rails Active Storage?

Ruby on Rails Active Storage is responsible for storing any files in the Ruby on Rails application and exposing them to Ruby on Rails application's Active Record objects.

Ruby on Rails Active Storage out of the box comes equipped with four different file storage options:

• a local disk-based service, useful for development and testing,
• Google Cloud Platform,
• Amazon AWS S3,
• Microsoft Azure Storage,

and on top of that, supports mirroring files between multiple storage destinations for sane migrations and backups.

Furthermore, Ruby on Rails Active Storage equips the application into the ability to perform various file transformations:

• cropping, resizing and doing everything available via ImageMagick library,
• file format conversion, for example changing JPG to PNG,
• generating images from PDF and other file formats,
• extracting metadata from arbitrary files.

Ruby on Rails Active Storage is the module to use whenever in need to do any kind of work on files.

If your Ruby on Rails application needs to store an avatar uploaded by a user in order to easier identify him in your web app, use Ruby on Rails Active Storage module.

![rails-active-storage-various-file-extensions](https://hix-prd-cms.nyc3.digitaloceanspaces.com/rails_active_storage_various_file_extensions_370edbc027.webp "Files with different extensions"/></figure>

If your Ruby on Rails application needs to generate payment invoices in order to later send them via email, use Ruby on Rails Active Storage module.

Ruby on Rails Active Storage configuration overview

In order to work, Ruby on Rails Active Storage requires two tables in your application's database:

• active_storage_blobs table,
• active_storage_attachments table

In order to acquire Ruby on Rails migrations creating those tables and then create them in your Ruby on Rails application, run

rails active_storage:install
rails db:migrate

Ruby on Rails Active Storage supports declaring multiple services configuration usage, with an ability to keep multiple storage services mirrored.

The Ruby on Rails Active Storage configuration file bases on two special keys in order to synchronize files between multiple storage services:

• primary accepting the predefined service name as a value,
• mirrors accepting an array of predefined service names as a value,

This is especially useful in order to safely migrate between services in the production environment of the Ruby on Rails application with zero downtime.

While configuring Ruby on Rails Active Storage in your application, you are going to be interested in the following files.

• config/storage.yml, the main Ruby on Rails Active Storage configuration file responsible for all services definitions,
• config/environments/development.rb,
• config/environments/test.rb,
• config/environments/production.rb.

On top of the default Ruby on Rails environments, any other environment configuration file that your application defines, such as for example config/environments/staging.rb, is going to configure the Ruby on Rails Active Storage module.

Ruby on Rails Active Storage server disk usage configuration

Let us take a look at the most basic configuration for the Ruby on Rails Active Storage module - the simple server disk usage.

Ruby on Rails Active Storage on server disk

This is the default configuration that comes with Ruby on Rails project intialization.

config/storage.yml

local:
  service: Disk
  root: <%= Rails.root.join("storage") %>

test:
  service: Disk
  root: <%= Rails.root.join("tmp/storage") %>

The example Ruby on Rails Active Storage file defines two services, local and development.

Both of them save files to defined Ruby on Rails application directories, let's make sure they are created in your project root.

cd /path/to/rails/app
mkdir files
mkdir -p tmp/files

This should be optional unless your Ruby on Rails application was initialized with the --skip-active-storage configuration option.

The test service takes advantage of the temporary directory, that's usually ignored by git version control in the .gitignore file.

The disk service is the one that you'd probably want to use in the development and potentially in the production environment.

It would also go to the .gitignore file, yet you wouldn't want to lose it on production - anyway, make sure its there for the development process.

.gitignore

/storage/*
/tmp/*

Let's now take a look at the Ruby on Rails Active Storage environment configuration file - let it be the test one, as it will most likely look like in most of Ruby on Rails applications.

config/environment/test.rb

config.active_storage.service = :test

This simple configuration option accepts a symbol representing the service name previously defined in the Ruby on Rails Active Storage configuration file.

In our case, it tells Ruby on Rails Active Storage module to write to the temporary files directory while running the app in the test environment.

Configuration of other environments' Ruby on Rails Active Storage module is going to look like that:

config/environment/production.rb, config/environment/development.rb

config.active_storage.service = :local

And that's pretty much it.

Continue reading in order to learn how to use third-party cloud storage services with Ruby on Rails Active Storage module.

Ruby on Rails Active Storage Google Cloud Platform configuration

Google Cloud Platform Storage service connection is easily configurable with Ruby on Rails Active storage module.

Ruby on Rails Active Storage with Google Cloud Storage

The most difficult part of the process is not Ruby on Rails code-related - yet still worth automating with Ruby on Rails hix.dev template - but the whole setup on the Google Cloud Platform part.

Let's get through it.

GCP account setup and bucket creation

In order to use Google Cloud Storage with Ruby on Rails Active Storage module, we need to create an account first. Follow these steps in order to do that.

• On the official Google Cloud Storage website page, click Try it free. Try Google Cloud Storage for free
• You will be asked to log into your Google account. Do that, or create one if you don't have it.
• In the first step of Google Cloud account creation, confirm that Google guessed your country of origin correctly and accept the terms and conditions. Step 1 of Google Cloud Storage account creation
• In the second step, sell your soul to Google providing your address and credit card information. You might choose between an "Individual" and "Business" accounts here, too. Step 2 of Google Cloud Storage account creation
• Click "Start my free trial", and on the next page click the "Got it" button in the welcome popup. Welcome to Google Cloud Platform

You are now on your Google Cloud Platform dashboard dedicated to Storage management. By default, Google Cloud Platform creates an entity called "My First Project".

For the purposes of this guide, we are going to use it, but in your Ruby on Rails production projects, it's worth creating a project with a more meaningful name than that.

• Click the "Create bucket", and then close the popup window by clicking the "Got it" button. Click Create bucket button
• In the first step of the bucket creation, provide its name - if not sure, go through the bucket naming guidelines - and then click Continue. Keep your bucket name in mind in order to connect to it via Ruby on Rails Active Storage module. Name your bucket and click continue
• In the next step, select storage location best matching your Ruby on Rails application audience, then click "Continue". Adjust bucket location settings
• Depending on your need, select the storage data class - it defines how often your files are going to be accessed. Then, click "Continue". Select bucket storage data class
• In the access control step, it is best to leave it as-is if in doubt. Adjust bucket access control if needed
• The rest of the configuration is optional - click Continue in order to review it, and then click the Create button.

Now that we've created the Google Cloud Platform account and our first bucket in the Storage service, let's get through the authorization part.

GCP storage credentials

Follow the credentials generation process in order to authorize Ruby on Rails Active Storage to connect to Google Cloud Storage.

• Go to the Google Cloud service account management website.

• Click the Open the IAM & Admin page button. Open the IAM and Admin page

• Click Select a project, choose a project, and click Open.

• In the left-hand sidebar, navigate to Service accounts page. Service accounts in sidebar

• On the service accounts page, click the "Create service account" button. Create service account

• Provide service account name. The ID is autogenerated from the name, and description is optional. Click the "Create" button. Provide service account name

• Optionally set the service account permissions to Storage Admin. Then, click the "Continue" button. Service account permissions

• In the next step, click the "Create key" button. Create service account credentials

• In the right-hand sidebar, select JSON option and click "Create". Create service account credentials

• The private key was downloaded. Save it for further usage in the Ruby on Rails Active Storage configuration. Private access key generated succesfully

Now that we've successfully obtained the Google Cloud Storage JSON credentials private key, let's connect our Ruby on Rails Active Storage using it.

GCP Rails configuration

For Ruby on Rails Active Storage to work with Google Cloud Storage there's a dedicated gem required to be installed.

Add the following to your Ruby on Rails application Gemfile file.

Gemfile

gem 'google-cloud-storage'

Next, open the downloaded Google Cloud Storage JSON file with a text editor of your choice.

keyfile.json

{
  "type": "service_account",
  "project_id": "40hallowed-ridge-264013",
  "private_key_id": "32976f16b04ece6a6fb8bc3bb4c52ea48f738bb8",
  "private_key": "-----BEGIN PRIVATE KEY-----\n<.....>\n-----END PRIVATE KEY-----\n",
  "client_email": "hix.dev@40hallowed-ridge-264013.iam.gserviceaccount.com",
  "client_id": "102135739378581270686",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/hix.dev%40hallowed-ridge-264013.iam.gserviceaccount.com"
}

Ruby on Rails Active Storage supports two types of configuration for the Google Cloud Storage service.

The first way to configure Ruby on Rails Active Storage to connect with your Google Cloud Storage bucket is by using the credentials key, which accepts a path to the JSON credentials file stored in your Ruby on Rails application directory.

config/storage.yml

google:
  service: GCS
  credentials: <%= Rails.root.join("path/to/keyfile.json") %>
  project: "My First Project"
  bucket: "hix.dev-active-storage"

The second option is to pass each of the configuration options defined in the Google Cloud Storage JSON file separately.

config/storage.yml

google:
  service: GCS
  credentials:
    type: "service_account"
    project_id: "hallowed-ridge-264013"
    private_key_id: "32976f16b04ece6a6fb8bc3bb4c52ea48f738bb8"
    private_key: "-----BEGIN PRIVATE KEY-----\n<.....>\n-----END PRIVATE KEY-----\n"
    client_email: "hix.dev@hallowed-ridge-264013.iam.gserviceaccount.com"
    client_id: "102135709378581270686"
    auth_uri: "https://accounts.google.com/o/oauth2/auth"
    token_uri: "https://accounts.google.com/o/oauth2/token"
    auth_provider_x509_cert_url: "https://www.googleapis.com/oauth2/v1/certs"
    client_x509_cert_url: "https://www.googleapis.com/robot/v1/metadata/x509/hix.dev%40hallowed-ridge-264013.iam.gserviceaccount.com"
  project: "My First Project"
  bucket: "hix.dev-active-storage"

In both cases, it is not the best idea to keep any secrets in the version control system. Let's install the dotenv-rails gem instead and put all the configuration into the dedicated .env file.

.env

GCS_PROJECT_ID=hallowed-ridge-264013
GCS_PRIVATE_KEY_ID=32976f16b04ece6a6fb8bc3bb4c52ea48f738bb8
GCS_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\n<.....>\n-----END PRIVATE
KEY-----\n"
GCS_CLIENT_EMAIL=hix.dev@hallowed-ridge-264013.iam.gserviceaccount.com
GCS_CLIENT_ID=102135709378581270686
GCS_AUTH_PROVIDER_X509_CERT_URL=https://www.googleapis.com/robot/v1/metadata/x509/hix.dev%40hallowed-ridge-264013.iam.gserviceaccount.com
GCS_PROJECT="My first project"
GCS_BUCKET=hix.dev-active-storage

After doing that, simply use all the environment variables in the Ruby on Rails Active Storage configuration file.

config/storage.yml

google:
  service: GCS
  credentials:
    type: "service_account"
    project_id: <%= ENV['GCS_PROJECT_ID'] %>
    private_key_id: <%= ENV['GCS_PRIVATE_KEY_ID'] %>
    private_key: <%= ENV['GCS_PRIVATE_KEY'] %>
    client_email: <%= ENV['GCS_CLIENT_EMAIL'] %>
    client_id: <%= ENV['GCS_CLIENT_ID'] %>
    auth_uri: "https://accounts.google.com/o/oauth2/auth"
    token_uri: "https://accounts.google.com/o/oauth2/token"
    auth_provider_x509_cert_url: "https://www.googleapis.com/oauth2/v1/certs"
    client_x509_cert_url: <%= ENV['GCS_CLIENT_X509_CERT_URL'] %>
  project: <%= ENV['GCS_PROJECT'] %>
  bucket: <%= ENV['GCS_BUCKET'] %>

This way your Google Cloud Storage credentials are not stored in the repository holding your Ruby on Rails application code and are less likely to get stolen.

Ruby on Rails Active Storage AWS S3 configuration

Amazon Web Services AWS S3 storage service connection is easily configurable with Ruby on Rails Active Storage module.

Ruby on Rails Active Storage with Amazon S3

The most difficult part of the configuration is the whole setup on the Amazon Web Services AWS S3 part - yet it is still worth it to automate Ruby on Rails Active Storage configuration with Ruby on Rails hix.dev template

Let's dive into it.

AWS account setup

Get through the following steps in order to create your Amazon account for connecting Ruby on Rails Active Storage with the AWS S3 service.

• Go to AWS Amazon S3 official website and click "Get Started with Amazon S3" button. Get started with Amazon S3
• Click the "Create new account" button. If you have an account already, you can skip the rest of these steps. Create new Amazon account
• Provide your account email, password and name. Then click the "Continue" button. Provide your account email, password and name
• Sell your soul to Amazon providing your full name and address data. At this point it is possible to create either "Personal" or "Business" account. Then click the "Create account and continue" button. Provide your credentials and address
• Provide your Credit Card information and click the "Verify and Add" button. Provide your credit card information
• Select the country and provide your phone number in order to get the verification code. Fill up the security check input, then click the "Send SMS" button. Identity verification: country and phone number
• Wait for the SMS message and enter your verification code, then click the "Verify code" button. Identity verification: enter the code form SMS message
• In the successful verification popup, click the "Continue" button. Identity verification success
• Select your support plan. It's good to start for free and upgrade it as you need. Select Amazon Support plan
• Click the "Sign in to the Console" button. Welcome to the AWS

Now that you've created your AWS account, let's create the Amazon S3 bucket.

Follow the steps below in order to do that. - Sign in to the AWS Management Console providing email and password to your account. Sign in to AWS Management Console

• Click the "Services" dropdown in the navigation bar and navigate to the "Storage / S3" page. Navigate to Storage S3 Service
• In the S3 dashboard, click the "Create bucket" button. Click the 'Create bucket' button
• Enter your bucket name and select its region - it is important to remember for further Ruby on Rails Active Storage configuration. Then, click the "Next" button. Provide S3 bucket name and region
• Browse through the S3 bucket configuration options. Then click the "Next" button. S3 bucket configuration options
• Adjust your S3 bucket permissions settings, they can be changed later if needed. When done, click the "Next" button. S3 bucket permissions settings
• In the final step, review all the information provided, then click the "Create bucket" button. S3 bucket settings review

The last step for Ruby on Rails Active Storage module towards accessing your Amazon AWS S3 bucket is obtaining your account credentials.

Let's see how to do that.

AWS storage credentials

With regard to the Amazon Best Practices, we are going to create a special user for our Ruby on Rails Active Storage module, with access specifically set to the Amazon AWS S3 service only.

The Amazon access can be modified at any point for given users.

Follow the steps below.

• In the AWS S3 dashboard, click your account dropdown and "My Security Credentials" link. Navigate to Amazon account Security Credentials
• In the popup, click the "Get Started with IAM Users" button. Get Started with IAM Users
• In the Identity and Access Management dashboard, click the "Add user" button. Click the 'Add user' button
• Enter the user name and password, and allow programmatic and AWS Management Console access. Do not require a password change. Then, click the "Next: Permissions" button. Provide name, password and access options
• Click the "Attach existing policies directly" tile, then search for "S3" and check the "AmazonS3FullAccess" option. Grant full access to Amazon S3
• Optionally, add user tags. When done, click the "Next: Review" button. Optional Amazon S3 user tags
• Review the new user, then click the "Create user" button. Amazon S3 user creation review
• Copy your "Access key ID" and "Secret access key". Get your Amazon S3 user credentials
• At this point, it is also good to backup your access keys CSV file safely, just in case.

Now that we've obtained Amazon AWS S3 credentials, let's finalize connecting the Ruby on Rails Active Storage module to our freshly created AWS S3 bucket.

AWS Rails configuration

Ruby on Rails Active Storage module is able to connect with your Amazon AWS S3 service thanks to aws-sdk-s3 gem.

Open your project's Gemfile file and add the following.

Gemfile

gem 'aws-sdk-s3'

Now, let's get to the Ruby on Rails Active Storage configuration.

Browse a full list of AWS regions in order to find your S3 bucket region code.

config/storage.yml

s3:
  service: S3
  access_key_id: "AKIAIOSFODNN7EXAMPLE"
  secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
  region: "eu-west-2"
  bucket: "hix.dev"

Adjust the Ruby on Rails Active Storage configuration file with your Amazon AWS S3 credentials.

A better way to store Ruby on Rails application credentials is by using the dotenv-rails gem. After installing it, create the .env file and add the following.

.env DO_SPACES_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE DO_SPACES_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY DO_SPACES_BUCKET=hix.dev DO_SPACES_REGION=eu-west-2

The next step is to load those environment variables into the Ruby on Rails
Active Storage configuration file.

_config/storage.yml_
```yml
s3:
  service: S3
  access_key_id: <%= ENV['DO_SPACES_ACCESS_KEY'] %>
  secret_access_key: <%= ENV['DO_SPACES_SECRET_ACCESS_KEY'] %>
  region: <%= ENV['DO_SPACES_REGION'] %>
  bucket: <%= ENV['DO_SPACES_BUCKET'] %>

This way you don't store any secrets in your Ruby on Rails project's version control system - other supported ways to achieve the same goal are using different configuration methods off the AWS Ruby SDK package.

Ruby on Rails Active Storage Microsoft Azure Cloud configuration

Microsoft Azure Blob Storage Microsoft Azure Blob Storage service connection is easily configurable with Ruby on Rails Active Storage module.

Ruby on Rails Active Storage with Microsoft Azure Blob Storage

Once you get through the Microsoft Azure Blob Storage account creation and setup, it is worth to automate the Ruby on Rails Active Storage configuration with Ruby on Rails hix.dev template.

Let's rock.

Azure account setup

For Ruby on Rails Active Storage to work with Microsoft Azure Storage, the Microsoft account and Microsoft Azure account are needed.

Follow the steps below in order to create a Microsoft account.

• Visit the Microsoft Azure Storage website and click the "Start free" button. Start for free with Microsoft Azure
• On the next page, click the "Start free" button. Start for free with Microsoft Azure
• Provide your account email, then click the "Next" button. Provide your account email
• Provide your account password, then click the "Next" button. Provide your account password
• Provide your country and birth date, then click the "Next" button. Provide your country and birth date
• Go to your email account, copy and paste the verification code. Then click the "Next" button. Verify the account email

Now that we have created the Microsoft account, we are going to create the Microsoft Azure account related to it.

You should be redirected to the form presented below.

• Provide your basic credentials - country, first and last name, email, phone number and optionally your company VAT ID. Then click the "Next" button. Provide your basic credentials
• After entering your phone number, click the "Text me" button. Verify your phone number
• Wait for the SMS message and enter the code received. Wait for the verification to complete and click the "Next button". Identity SMS verification
• Sell your soul to Microsoft providing all the necessary billing data. Then click the "Next" button. Provide billing data
• Check the required agreements and click the "Sign up" button. Agree and sign up

That's it, both Microsoft accounts required by Ruby on Rails Active Storage are ready to use.

In the new account, let's create the "Storage account" and an entity that's specific to Azure, called "Container", which is an equivalent to AWS S3 and Google Cloud Storage "Bucket".

• Click the "Go to portal" button. Go to portal
• Skip the Azure usage wizard for now by clicking "Maybe later" button in the popup. Skip the Azure usage wizard
• In the top-left corner open the hamburger menu and navigate to the "Storage accounts" page. Navigate to Storage accounts page
• Click the "Create storage account" button. Create storage account
• Provide account name, select its location and optionally browse through all the configuration tabs. Then click the "Review + Create" button. Provide account data
• Wait for the account validation, then click the "Create" button. Wait for validation and create account
• Wait for the container to be created - it will take up to 5 minutes. Then click the "Go to resource" button. Go to resource
• Click the "Containers" tile. Navigate to Containers
• Click the "+ Container" link, provide your container data and click the "OK" button. Create your container

With all this in place, let's collect the final piece required for Ruby on Rails Active Storage to work with our Microsoft Azure account.

Azure storage credentials

The last step toward working Ruby on Rails Active Storage module reading and writing files to our Microsoft Azure Storage service is obtaining its credentials.

In order to do that, in the left-hand sidebar "Settings" section navigate to the first section named "Access keys".

Obtain Microsoft Azure credentials

Leave this page open for the Ruby on Rails Active Storage configuration described in the next step.

Azure Rails configuration

In order to work, Ruby on Rails Active Storage requires the dedicated gem.

Open your Gemfile and add the following.

Gemfile

gem 'azure-storage-blob'

The next step is to edit the Ruby on Rails Active Storage configuration file.

config/storage.yml

azure:
  service: AzureStorage
  storage_account_name: "hixonrails"
  storage_access_key: "12id12dni1ksld1niodnio1dn1opdm1skdm1idmop1wm1pdm1pd1"
  container: "activestorage"

The more secure way to store your Microsoft Azure Storage credentials is to use dotenv-rails gem instead of keeping them in the Ruby on Rails Active Storage configuration file, which is checked into the git version control system.

.env

AZURE_STORAGE_ACCOUNT_NAME=hixonrails
AZURE_STORAGE_ACCESS_KEY=12id12dni1ksld1niodnio1dn1opdm1skdm1idmop1wm1pdm1pd1
AZURE_STORAGE_CONTAINER=activestorage

With this saved, edit the Ruby on Rails Active Storage configuration file.

config/storage.yml

azure:
  service: AzureStorage
  storage_account_name: <%= ENV['AZURE_STORAGE_ACCOUNT_NAME'] %>
  storage_access_key: <%= ENV['AZURE_STORAGE_ACCESS_KEY'] %>
  container: <%= ENV['AZURE_STORAGE_CONTAINER'] %>

This way your Ruby on Rails application is one step closer to respect Twelve-Factor App methodology Twelve-Factor App methodology</a>.

Conclusion

Ruby on Rails Active Storage configuration is as easy as it gets - all you need to do is filling your access data to the Cloud Storage provider of your choice.

It gets even easier if you decide that your Ruby on Rails Active Storage module is going to store the files on your server's disk.

The difficult, yet in case of most of the organizations one-time part of the Ruby on Rails Active Storage configuration is the account creation and setup with the Cloud Storage provider of your choice - Amazon, Google or Microsoft.

In order to make the Ruby on Rails Active Storage configuration part even easier, consider using Ruby on Rails hix.dev Template that integrates the Active Storage setup in its setup wizard.