As you know Heroku runs ephemeral filesystem which doesn’t allow us to store any arbitrary file beside the actual application repository, but pushing keys to the respository seems like a bad idea…

So, what to do?

The answer is simple, use Config Vars:

1

heroku config:add SOME_PRIVATE_KEY="$(cat tmp/some-certs/privatekey.pem)"

And then, somewhere in your code, read the key like this:

1

private_key = OpenSSL::PKey::RSA.new(ENV['SOME_PRIVATE_KEY'])

Enjoy!