How To Securely Move or Transfer Files To Heroku

Feb 16 2018

Do you need to transfer files to Heroku for:

  • performing a one-off operation on some data?
  • like maybe importing some data from a CSV file into a Heroku database?

If you’re stuck on this like I was, here is a simple and secure way to do this using the excellent transfer.sh service.

Prerequisites

The only prerequisites are to have cURL and GPG installed on the source machine. Both of these should already be installed on your Heroku instance, at least in my experience.

If you’re on macOS, cURL should already be installed, but you’ll likely have to install GPG, preferably using Homebrew.

If on Linux, like Ubuntu for example, you can install curl and gnupg via apt-get.

terminal
sudo apt-get install curl gnupg
terminal
# cURL should already be installed with macOS
brew install gnupg

Step 1: Upload Encrypted File

On the machine containing the file you want to transfer, be it your local machine or some other server, run the command below.

terminal
# upload/encrypt file
cat turtles.csv \
| gpg --armor --symmetric --output - \
| curl -X PUT --upload-file "-" https://transfer.sh/turtles.csv

# => https://transfer.sh/123abc/turtles.csv

OR

terminal
# upload/encrypt file
# conveniently copy the URL using pbcopy if on macOS
cat turtles.csv \
| gpg --armor --symmetric --output - \
| curl -X PUT --upload-file "-" https://transfer.sh/turtles.csv \
| pbcopy

# => https://transfer.sh/123abc/turtles.csv

You’ll be prompted to enter a passphrase to encrypt the file before uploading it to transfer.sh.

Step 2: Download To Heroku Instance

First, spin up a bash session for your Heroku app.

terminal
# start up bash session on heroku
heroku run bash

Then download the file from the URL that transfer.sh returned in Step 1.

heroku run bash
# download/decrypt the file
curl https://transfer.sh/123abc/turtles.csv \
| gpg --output - > turtles.csv

You’ll be prompted to enter the passphrase from Step 1 to decrypt the file and that’s it!
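The pipeline in Steps 1 and 2 depends entirely on the passphrase and gives no confirmation that the file arrived intact. The following added example (not from the original post) runs the same gpg flags non-interactively with a random passphrase, checks that a wrong passphrase is rejected, and compares SHA-256 digests. The transfer.sh hop is replaced by a local file so it runs offline; the function names and the sample CSV are constructed for illustration, and GnuPG 2.x is assumed.

```shell
# Added example, not from the original post. The transfer.sh hop is replaced
# by a local file so this runs offline; every name below is hypothetical.

# 32 bytes from the kernel CSPRNG, base64-encoded (44 characters, one line).
make_passphrase() { head -c 32 /dev/urandom | base64 | tr -d '\n'; }

# Hex SHA-256 of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
  else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# gpg reading the passphrase from a file instead of prompting, with a
# throwaway home directory. usage: gpg_batch PASSFILE [gpg args...]
gpg_batch() {
  pf=$1; shift
  gpg --homedir "$WORK/gnupg" --batch --yes --quiet \
      --pinentry-mode loopback --passphrase-file "$pf" "$@"
}

# Step 1 of the post: --armor --symmetric. usage: encrypt_file IN OUT PASSFILE
encrypt_file() { gpg_batch "$3" --armor --symmetric --output "$2" "$1"; }

# Step 2: decrypt. gpg exits non-zero when the passphrase is wrong.
decrypt_file() { gpg_batch "$3" --decrypt --output "$2" "$1" 2>/dev/null; }

# Encrypt a constructed CSV, reject a wrong passphrase, decrypt, compare.
roundtrip_demo() {
  WORK=$(mktemp -d) || return 1
  rc=0
  ( umask 077
    mkdir "$WORK/gnupg"
    printf 'id,name\n1,leonardo\n2,donatello\n' > "$WORK/turtles.csv"
    make_passphrase > "$WORK/pass"
    echo 'not-the-passphrase' > "$WORK/wrong"
    want=$(sha256_of "$WORK/turtles.csv")
    encrypt_file "$WORK/turtles.csv" "$WORK/turtles.csv.asc" "$WORK/pass" || exit 1
    if decrypt_file "$WORK/turtles.csv.asc" "$WORK/bad.csv" "$WORK/wrong"
    then exit 2; fi
    decrypt_file "$WORK/turtles.csv.asc" "$WORK/out.csv" "$WORK/pass" || exit 3
    [ "$(sha256_of "$WORK/out.csv")" = "$want" ] || exit 4
  ) || rc=$?
  rm -rf "$WORK"
  if [ "$rc" -eq 0 ]; then echo ok; else echo "failed at check $rc"; fi
  return "$rc"
}
```

Source the file and call `roundtrip_demo`; it prints `ok` once the wrong passphrase has been rejected and the decrypted digest matches the original.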

Wait, is this actually secure?

Ok, sure, this certainly isn't as secure as encrypting it with a full-blown key, but that would take some of the “easy” out of all of this. Granted, I’m not a bigwig security expert, but there do seem to be certain types of data for which a simple passphrase encryption would suffice.

Of course I would not recommend you upload something extremely sensitive (e.g. credit card numbers, passwords) in this manner, but for mildly sensitive data, this seems fine. (You shouldn’t be uploading that kind of stuff anywhere.)

Remember, the links on transfer.sh expire after 10 days as well, so that is at least a little bit of extra security built-in.

And heck, if you’re not worried about the encryption at all, you can just bypass the GPG encryption step altogether and make it even simpler.

terminal
# upload file
cat turtles.csv \
| curl -X PUT --upload-file "-" https://transfer.sh/turtles.csv

# => https://transfer.sh/123abc/turtles.csv

heroku run bash
# download file
curl https://transfer.sh/123abc/turtles.csv --output turtles.csv