How To Securely Move or Transfer Files To HerokuFeb 16 2018
Do you need to transfer files to Heroku for:
- performing a one-off operation on some data?
- like maybe importing some data from a CSV file into a Heroku database?
If you’re stuck on this like I was, here is a simple and secure way to do this using the excellent transfer.sh service.
The only prerequisites are to have cURL and GPG installed on the source machine. Both of these should already be installed on your Heroku instance, at least in my experience.
If you’re on macOS, cURL should already be installed, but you’ll likely have to install GPG, preferrably using Homebrew.
If on Linux, like Ubuntu for example, you can install
sudo apt-get install curl gnupg
# cURL should already be installed with macOS brew install gnupg
Step 1: Upload Encrypted File
On the machine containing the file you want to transfer, be it your local machine or some other server, run the command below.
# upload/encrypt file cat turtles.csv \ | gpg --armor --symmetric --output - \ | curl -X PUT --upload-file "-" https://transfer.sh/turtles.csv # => https://transfer.sh/123abc/turtles.csv
# upload/encrypt file # conveniently copy the URL using pbcopy if on macOS cat turtles.csv \ | gpg --armor --symmetric --output - \ | curl -X PUT --upload-file "-" https://transfer.sh/turtles.csv \ | pbcopy # => https://transfer.sh/123abc/turtles.csv
You’ll be prompted to enter a passphrase to encrypt the file before uploading it to transfer.sh.
Step 2: Download To Heroku Instance
First, spin up a bash session for your Heroku app.
# start up bash session on heroku heroku run bash
Then download the file from the URL returned back to you from transfer.sh in Step 1.
heroku run bash
# download/decrypt the file curl https://transfer.sh/123abc/turtles.csv \ | gpg --output - > turtles.csv
You’ll be prompted to enter the passphrase from Step 1 to decrypt the file and that’s it!
Wait, is this actually secure?
Ok, sure, this certainly isn't as secure as encrypting it with a full blown key, but that would take some of the “easy” out of all of this. Granted, I’m not a big wig security expert, but there does seem to be certain types of data for which a simple passphrase encryption would suffice.
Of course I would not recommend you upload something extremely sensitive (e.g. credit card numbers, passwords) in this manner, but for mildly sensitive data, this seems fine. (You shouldn’t be uploading that kind of stuff anywhere)
Remember, the links on transfer.sh expire after 10 days as well, so that is at least a little bit of extra security built-in.
And heck, if you’re not worried about the encryption at all, you can just bypass the GPG encryption step altogether and make it even simpler.
# upload file cat turtles.csv \ | curl -X PUT --upload-file "-" https://transfer.sh/turtles.csv # => https://transfer.sh/123abc/turtles.csv
heroku run bash
# download file curl https://transfer.sh/123abc/turtles.csv --output turtles.csv