Github url


by thoughtbot

thoughtbot /paperclip

Easy file attachment management for ActiveRecord

9.1K Stars 2.1K Forks Last release: almost 2 years ago (v6.1.0) Other 2.0K Commits 103 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:



Paperclip is deprecated.

For new projects, we recommend Rails' own ActiveStorage.

For existing projects, please consult and contribute to the migration guide, available in English, en español, and as a video recorded at RailsConf 2019.

Alternatively, for existing projects, Kreeti is maintaining kt-paperclip, an ongoing fork of Paperclip.

We will leave the Issues open as a discussion forum only. We do _not_guarantee a response from us in the Issues. All bug reports should go to kt-paperclip.

We are no longer accepting pull requests except pull requests against the migration guide. All other pull requests will be closed without merging.

Existing documentation

Documentation valid for



Please check the documentation for the paperclip version you are using:

Build StatusDependency StatusCode ClimateInline docsSecurity

Paperclip is intended as an easy file attachment library for ActiveRecord. The intent behind it was to keep setup as easy as possible and to treat files as much like other attributes as possible. This means they aren't saved to their final locations on disk, nor are they deleted if set to nil, until ActiveRecord::Base#save is called. It manages validations based on size and presence, if required. It can transform its assigned image into thumbnails if needed, and the prerequisites are as simple as installing ImageMagick (which, for most modern Unix-based systems, is as easy as installing the right packages). Attached files are saved to the filesystem and referenced in the browser by an easily understandable specification, which has sensible and useful defaults.

See the documentation for


in [


]( for more detailed options.

The complete RDoc is online.


Ruby and Rails

Paperclip now requires Ruby version >= 2.1 and Rails version >= 4.2(only if you're going to use Paperclip with Ruby on Rails).

Image Processor

ImageMagick must be installed and Paperclip must have access to it. To ensure that it does, on your command line, run

which convert

(one of the ImageMagick utilities). This will give you the path where that utility is installed. For example, it might return



Then, in your environment config file, let Paperclip know to look there by adding that directory to its path.

In development mode, you might add this line to



Paperclip.options[:command\_path] = "/usr/local/bin/"

If you're on Mac OS X, you'll want to run the following with Homebrew:

brew install imagemagick

If you are dealing with pdf uploads or running the test suite, you'll also need to install GhostScript. On Mac OS X, you can also install that using Homebrew:

brew install gs

If you are on Ubuntu (or any Debian base Linux distribution), you'll want to run the following with apt-get:

sudo apt-get install imagemagick -y


The Unix [


command]( is required for content-type checking. This utility isn't available in Windows, but comes bundled with Ruby Devkit, so Windows users must make sure that the devkit is installed and added to the system



Manual Installation

If you're using Windows 7+ as a development environment, you may need to install the


application manually. The

file spoofing

system in Paperclip 4+ relies on this; if you don't have it working, you'll receive

Validation failed: Upload file has an extension that does not match its contents.


To manually install, you should perform the following:

**Download & install


from this URL**

To test, you can use the image below: untitled

Next, you need to integrate with your environment - preferably through the


variable, or by changing your




1. Click "Start" 2. On "Computer", right-click and select "Properties" 3. In Properties, select "Advanced System Settings" 4. Click the "Environment Variables" button 5. Locate the "PATH" var - at the end, add the path to your newly installed `file.exe` (typically `C:\Program Files (x86)\GnuWin32\bin`) 6. Restart any CMD shells you have open & see if it works



1. Open `config/environments/development.rb` 2. Add the following line: `Paperclip.options[:command_path] = 'C:\Program Files (x86)\GnuWin32\bin'` 3. Restart your Rails server

Either of these methods will give your Rails setup access to the


functionality, thus providing the ability to check the contents of a file (fixing the spoofing problem)


Paperclip is distributed as a gem, which is how it should be used in your app.

Include the gem in your Gemfile:

gem "paperclip", "~\> 6.0.0"

Or, if you want to get the latest, you can get master from the main paperclip repository:

gem "paperclip", git: "git://"

If you're trying to use features that don't seem to be in the latest released gem, but are mentioned in this README, then you probably need to specify the master branch if you want to use them. This README is probably ahead of the latest released version if you're reading it on GitHub.

For Non-Rails usage:

class ModuleName \< ActiveRecord::Base include Paperclip::Glue ... end

Quick Start


class User \< ActiveRecord::Base has\_attached\_file :avatar, styles: { medium: "300x300\>", thumb: "100x100\>" }, default\_url: "/images/:style/missing.png" validates\_attachment\_content\_type :avatar, content\_type: /\Aimage\/.\*\z/ end


Assuming you have a


table, add an


column to the


table: ```ruby class AddAvatarColumnsToUsers < ActiveRecord::Migration def up add_attachment :users, :avatar end

def down remove_attachment :users, :avatar end end ```

(Or you can use the Rails migration generator:

rails generate paperclip user avatar


Edit and New Views

Make sure you have corresponding methods in your controller:


Edit and New Views with Simple Form


def create @user = User.create(user\_params) end private # Use strong\_parameters for attribute whitelisting # Be sure to update your create() and update() controller methods. def user\_params params.require(:user).permit(:avatar) end

View Helpers

Add these to the view where you want your images displayed:


Checking a File Exists

There are two methods for checking if a file exists:

  • file?
    checks if the
    field is populated
  • exists?
    checks if the file exists (will perform a TCP connection if stored in the cloud)

Keep this in mind if you are checking if files are present in a loop. The first version is significantly more performant, but has different semantics.

Deleting an Attachment

Set the attribute to


and save.

@user.avatar = nil


The basics of Paperclip are quite simple: Declare that your model has an attachment with the


method, and give it a name.

Paperclip will wrap up to four attributes (all prefixed with that attachment's name, so you can have multiple attachments per model if you wish) and give them a friendly front end. These attributes are:

  • <attachment>_file_name</attachment>
  • <attachment>_file_size</attachment>
  • <attachment>_content_type</attachment>
  • <attachment>_updated_at</attachment>

By default, only


is required for Paperclip to operate. You'll need to add


in case you want to use content type validation.

More information about the options passed to


is available in the documentation of [




For validations, Paperclip introduces several validators to validate your attachment:

  • AttachmentContentTypeValidator
  • AttachmentPresenceValidator
  • AttachmentSizeValidator

Example Usage:

validates :avatar, attachment\_presence: true validates\_with AttachmentPresenceValidator, attributes: :avatar validates\_with AttachmentSizeValidator, attributes: :avatar, less\_than: 1.megabytes

Validators can also be defined using the old helper style:

  • validates\_attachment\_presence
  • validates\_attachment\_content\_type
  • validates\_attachment\_size

Example Usage:

validates\_attachment\_presence :avatar

Lastly, you can also define multiple validations on a single attachment using



validates\_attachment :avatar, presence: true, content\_type: "image/jpeg", size: { in: 0..10.kilobytes }

NOTE: Post-processing will not even start if the attachment is not valid according to the validations. Your callbacks and processors will only be called with valid attachments.

class Message \< ActiveRecord::Base has\_attached\_file :asset, styles: { thumb: "100x100#" } before\_post\_process :skip\_for\_audio def skip\_for\_audio ! %w(audio/ogg application/ogg).include?(asset\_content\_type) end end

If you have other validations that depend on assignment order, the recommended course of action is to prevent the assignment of the attachment until afterwards, then assign manually:

class Book \< ActiveRecord::Base has\_attached\_file :document, styles: { thumbnail: "60x60#" } validates\_attachment :document, content\_type: "application/pdf" validates\_something\_else # Other validations that conflict with Paperclip's end class BooksController \< ApplicationController def create @book =\_params) @book.document = params[:book][:document] respond\_with @book end private def book\_params params.require(:book).permit(:title, :author) end end

A note on content_type validations and security

You should ensure that you validate files to be only those MIME types you explicitly want to support. If you don't, you could be open toXSS attacksif a user uploads a file with a malicious HTML payload.

If you're only interested in images, restrict your allowed content_types to image-y ones:

validates\_attachment :avatar, content\_type: ["image/jpeg", "image/gif", "image/png"]

will attempt to match a file's extension to an inferred content_type, regardless of the actual contents of the file.

Internationalization (I18n)

For using or adding locale files in different languages, check the project

Security Validations

Thanks to a report from Egor Homakov we have taken steps to prevent people from spoofing Content-Types and getting data you weren't expecting onto your server.

NOTE: Starting at version 4.0.0, all attachments are required to include a content_type validation, a file_name validation, or to explicitly state that they're not going to have either. Paperclip will raise an error if you do not do this.

class ActiveRecord::Base has\_attached\_file :avatar # Validate content type validates\_attachment\_content\_type :avatar, content\_type: /\Aimage/ # Validate filename validates\_attachment\_file\_name :avatar, matches: [/png\z/, /jpe?g\z/] # Explicitly do not validate do\_not\_validate\_attachment\_file\_type :avatar end

This keeps Paperclip secure-by-default, and will prevent people trying to mess with your filesystem.

NOTE: Also starting at version 4.0.0, Paperclip has another validation that cannot be turned off. This validation will prevent content type spoofing. That is, uploading a PHP document (for example) as part of the EXIF tags of a well-formed JPEG. This check is limited to the media type (the first part of the MIME type, so, 'text' in


). This will prevent HTML documents from being uploaded as JPEGs, but will not prevent GIFs from being uploaded with a


extension. This validation will only add validation errors to the form. It will not cause errors to be raised.

This can sometimes cause false validation errors in applications that use custom file extensions. In these cases you may wish to add your custom extension to the list of content type mappings by creating



# Allow ".foo" as an extension for files with the MIME type "text/plain". Paperclip.options[:content\_type\_mappings] = { foo: %w(text/plain) }


Global defaults for all your Paperclip attachments can be defined by changing the Paperclip::Attachment.default_options Hash. This can be useful for setting your default storage settings per example so you won't have to define them in every has_attached\_file definition.

If you're using Rails, you can define a Hash with default options in


or in any of the


files on config.paperclip_defaults. These will get merged into Paperclip::Attachment.default_options as your Rails app boots. An example:

module YourApp class Application \< Rails::Application # Other code... config.paperclip\_defaults = { storage: :fog, fog\_credentials: { provider: "Local", local\_root: "#{Rails.root}/public"}, fog\_directory: "", fog\_host: "localhost"} end end

Another option is to directly modify the


Hash - this method works for non-Rails applications or is an option if you prefer to place the Paperclip default settings in an initializer.

An example Rails initializer would look something like this:

Paperclip::Attachment.default\_options[:storage] = :fog Paperclip::Attachment.default\_options[:fog\_credentials] = { provider: "Local", local\_root: "#{Rails.root}/public"} Paperclip::Attachment.default\_options[:fog\_directory] = "" Paperclip::Attachment.default\_options[:fog\_host] = "http://localhost:3000"


Paperclip defines several migration methods which can be used to create the necessary columns in your model. There are two types of helper methods to aid in this, as follows:

Add Attachment Column To A Table



helper can be used when creating a table:

class CreateUsersWithAttachments \< ActiveRecord::Migration def up create\_table :users do |t| t.attachment :avatar end end # This is assuming you are only using the users table for Paperclip attachment. Drop with care! def down drop\_table :users end end

You can also use the


method, instead of the




combination above, as shown below:

class CreateUsersWithAttachments \< ActiveRecord::Migration def change create\_table :users do |t| t.attachment :avatar end end end

Schema Definition

Alternatively, the




methods can be used to add new Paperclip columns to an existing table:

class AddAttachmentColumnsToUsers \< ActiveRecord::Migration def up add\_attachment :users, :avatar end def down remove\_attachment :users, :avatar end end

Or you can do this with the



class AddAttachmentColumnsToUsers \< ActiveRecord::Migration def change add\_attachment :users, :avatar end end

Vintage Syntax

Vintage syntax (such as




) is still supported in Paperclip 3.x, but you're advised to update those migration files to use this new syntax.


Paperclip ships with 3 storage adapters:

  • File Storage
  • S3 Storage (via
  • Fog Storage

If you would like to use Paperclip with another storage, you can install these gems along side with Paperclip:

Understanding Storage

The files that are assigned as attachments are, by default, placed in the directory specified by the


option to


. By default, this location is


. This location was chosen because, on standard Capistrano deployments, the


directory can be symlinked to the app's shared directory, meaning it survives between deployments. For example, using that


, you may have a file at


NOTE: This is a change from previous versions of Paperclip, but is overall a safer choice for the default file store.

You may also choose to store your files using Amazon's S3 service. To do so, include the


gem in your Gemfile:

gem 'aws-sdk-s3'

And then you can specify using S3 from


. You can find more information about configuring and using S3 storage in[the



Files on the local filesystem (and in the Rails app's public directory) will be available to the internet at large. If you require access control, it's possible to place your files in a different location. You will need to change both the




options in order to make sure the files are unavailable to the public. Both




allow the same set of interpolated variables.

IO Adapters

When a file is uploaded or attached, it can be in one of a few different input forms, from Rails' UploadedFile object to a StringIO to a Tempfile or even a simple String that is a URL that points to an image.

Paperclip will accept, by default, many of these sources. It also is capable of handling even more with a little configuration. The IO Adapters that handle images from non-local sources are not enabled by default. They can be enabled by adding a line similar to the following into




It's best to only enable a remote-loading adapter if you need it. Otherwise there's a chance that someone can gain insight into your internal network structure using it as a vector.

The following adapters are not loaded by default:

  • Paperclip::UriAdapter
    • which accepts a
  • Paperclip::HttpUrlProxyAdapter
    • which accepts a
  • Paperclip::DataUriAdapter
    • which accepts a Base64-encoded

Post Processing

Paperclip supports an extensible selection of post-processors. When you define a set of styles for an attachment, by default it is expected that those "styles" are actually "thumbnails." These are processed by


. For backward compatibility reasons you can pass either a single geometry string, or an array containing a geometry and a format that the file will be converted to, like so:

has\_attached\_file :avatar, styles: { thumb: ["32x32#", :png] }

This will convert the "thumb" style to a 32x32 square in PNG format, regardless of what was uploaded. If the format is not specified, it is kept the same (e.g. JPGs will remain JPGs).


uses ImageMagick to process images; ImageMagick's geometry documentationhas more information on the accepted style formats.

For more fine-grained control of the conversion process,




can be used to pass flags and settings directly to ImageMagick's powerful Convert tool, documented here. For example:

has\_attached\_file :image, styles: { regular: ['800x800\>', :png]}, source\_file\_options: { regular: "-density 96 -depth 8 -quality 85" }, convert\_options: { regular: "-posterize 3"}

ImageMagick supports a number of environment variables for controlling its resource limits. For example, you can enforce memory or execution time limits by setting the following variables in your application's process environment:


For a full list of variables and description, see ImageMagick's resources documentation.

Custom Attachment Processors

You can write your own custom attachment processors to carry out tasks like adding watermarks, compressing images, or encrypting files. Custom processors must be defined within the


module, inherit from


(see [


](, and implement a


method that returns a


. All files in your Rails app's




directories will be automatically loaded by Paperclip. Processors are specified using the


option to



has\_attached\_file :scan, styles: { text: { quality: :better } }, processors: [:ocr]

This would load the hypothetical class


, and pass it the options hash

{ quality: :better }

, along with the uploaded file.

Multiple processors can be specified, and they will be invoked in the order they are defined in the


array. Each successive processor is given the result from the previous processor. All processors receive the same parameters, which are defined in the


hash. For example, assuming we had this definition:

has\_attached\_file :scan, styles: { text: { quality: :better } }, processors: [:rotator, :ocr]

Both the


processor and the


processor would receive the options

{ quality: :better }

. If a processor receives an option it doesn't recognise, it's expected to ignore it.

NOTE: Because processors operate by turning the original attachment into the styles, no processors will be run if there are no styles defined.

If you're interested in caching your thumbnail's width, height and size in the database, take a look at the paperclip-metagem.

Also, if you're interested in generating the thumbnail on-the-fly, you might want to look into the attachment_on_the_flygem.

Paperclip's thumbnail generator (see [


]( is implemented as a processor, and may be a good reference for writing your own processors.


Before and after the Post Processing step, Paperclip calls back to the model with a few callbacks, allowing the model to change or cancel the processing step. The callbacks are




(which are called before and after the processing of each attachment), and the attachment-specific




. The callbacks are intended to be as close to normal ActiveRecord callbacks as possible, so if you return false (specifically - returning nil is not the same) in a


, the post processing step will halt. Returning false in an


will not halt anything, but you can access the model and the attachment if necessary.

NOTE: Post processing will not even start if the attachment is not valid according to the validations. Your callbacks and processors will only be called with valid attachments.

class Message \< ActiveRecord::Base has\_attached\_file :asset, styles: { thumb: "100x100#" } before\_post\_process :skip\_for\_audio def skip\_for\_audio ! %w(audio/ogg application/ogg).include?(asset\_content\_type) end end

URI Obfuscation

Paperclip has an interpolation called


for obfuscating filenames of publicly-available files.

Example Usage:

has\_attached\_file :avatar, { url: "/system/:hash.:extension", hash\_secret: "longSecretString" }



interpolation will be replaced with a unique hash made up of whatever is specified in


. The default value for






is required - an exception will be raised if


is used without



For more on this feature, read the author's own explanation

Checksum / Fingerprint

A checksum of the original file assigned will be placed in the model if it has an attribute named fingerprint. Following the user model migration example above, the migration would look like the following:

class AddAvatarFingerprintColumnToUser \< ActiveRecord::Migration def up add\_column :users, :avatar\_fingerprint, :string end def down remove\_column :users, :avatar\_fingerprint end end

The algorithm can be specified using a configuration option; it defaults to MD5 for backwards compatibility with Paperclip 5 and earlier.

has\_attached\_file :some\_attachment, adapter\_options: { hash\_digest: Digest::SHA256 }


CLASS=User ATTACHMENT=avatar rake paperclip:refresh:fingerprints

after changing the digest on existing attachments to update the fingerprints in the database.

File Preservation for Soft-Delete

An option is available to preserve attachments in order to play nicely with soft-deleted models. (acts_as_paranoid, paranoia, etc.)

has\_attached\_file :some\_attachment, { preserve\_files: true, }

This will prevent


from being wiped out when the model gets destroyed, so it will still exist when the object is restored later.

Dynamic Configuration

Callable objects (lambdas, Procs) can be used in a number of places for dynamic configuration throughout Paperclip. This strategy exists in a number of components of the library but is most significant in the possibilities for allowing custom styles and processors to be applied for specific model instances, rather than applying defined styles and processors across all instances.

Dynamic Styles:

Imagine a user model that had different styles based on the role of the user. Perhaps some users are bosses (e.g. a User model instance responds to


) and merit a bigger avatar thumbnail than regular users. The configuration to determine what style parameters are to be used based on the user role might look as follows where a boss will receive a


thumbnail otherwise a


thumbnail will be created.

class User \< ActiveRecord::Base has\_attached\_file :avatar, styles: lambda { |attachment| { thumb: (attachment.instance.boss? ? "300x300\>" : "100x100\>") } } end

Dynamic Processors:

Another contrived example is a user model that is aware of which file processors should be applied to it (beyond the implied


processor invoked when


are defined). Perhaps we have a watermark processor available and it is only used on the avatars of certain models. The configuration for this might be where the instance is queried for which processors should be applied to it. Presumably some users might return

[:thumbnail, :watermark]

for its processors, where a defined


processor is invoked after the


processor already defined by Paperclip.

class User \< ActiveRecord::Base has\_attached\_file :avatar, processors: lambda { |instance| instance.processors } attr\_accessor :processors end


By default, Paperclip outputs logging according to your logger level. If you want to disable logging (e.g. during testing) add this into your environment's configuration:

ruby Your::Application.configure do ... Paperclip.options[:log] = false ... end

More information in the rdocs


To make Capistrano symlink the


directory so that attachments survive new deployments, set the


option in your



set :linked\_dirs, fetch(:linked\_dirs, []).push('public/system')

Attachment Styles

Paperclip is aware of new attachment styles you have added in previous deploys. The only thing you should do after each deployment is to call

rake paperclip:refresh:missing\_styles

. It will store current attachment styles in


by default. You can change it by:

Paperclip.registered\_attachments\_styles\_path = '/tmp/config/paperclip\_attachments.yml'

Here is an example for Capistrano:

namespace :paperclip do desc "build missing paperclip styles" task :build\_missing\_styles do on roles(:app) do within release\_path do with rails\_env: fetch(:rails\_env) do execute :rake, "paperclip:refresh:missing\_styles" end end end end end after("deploy:compile\_assets", "paperclip:build\_missing\_styles")

Now you don't have to remember to refresh thumbnails in production every time you add a new style. Unfortunately, it does not work with dynamic styles - it just ignores them.

If you already have a working app and don't want

rake paperclip:refresh:missing\_styles

to refresh old pictures, you need to tell Paperclip about existing styles. Simply create a


file by hand. For example:

class User \< ActiveRecord::Base has\_attached\_file :avatar, styles: { thumb: 'x100', croppable: '600x600\>', big: '1000x1000\>' } end class Book \< ActiveRecord::Base has\_attached\_file :cover, styles: { small: 'x100', large: '1000x1000\>' } has\_attached\_file :sample, styles: { thumb: 'x100' } end

Then in



--- :User: :avatar: - :thumb - :croppable - :big :Book: :cover: - :small - :large :sample: - :thumb


Paperclip provides rspec-compatible matchers for testing attachments. See the documentation on Paperclip::Shoulda::Matchersfor more information.

Parallel Tests

Because of the default


for Paperclip storage, if you try to run tests in parallel, you may find that files get overwritten because the same path is being calculated for them in each test process. While this fix works for parallel_tests, a similar concept should be used for any other mechanism for running tests concurrently.

if ENV['PARALLEL\_TEST\_GROUPS'] Paperclip::Attachment.default\_options[:path] = ":rails\_root/public/system/:rails\_env/#{ENV['TEST\_ENV\_NUMBER'].to\_i}/:class/:attachment/:id\_partition/:filename" else Paperclip::Attachment.default\_options[:path] = ":rails\_root/public/system/:rails\_env/:class/:attachment/:id\_partition/:filename" end

The important part here being the inclusion of


, or a similar mechanism for whichever parallel testing library you use.

Integration Tests

Using integration tests with FactoryBot may save multiple copies of your test files within the app. To avoid this, specify a custom path in the


like so:

Paperclip::Attachment.default\_options[:path] = "#{Rails.root}/spec/test\_files/:class/:id\_partition/:style.:extension"

Then, make sure to delete that directory after the test suite runs by adding this to



config.after(:suite) do FileUtils.rm\_rf(Dir["#{Rails.root}/spec/test\_files/"]) end

Example of test configuration with Factory Bot

FactoryBot.define do factory :user do avatar {"#{Rails.root}/spec/support/fixtures/image.jpg") } end end


If you'd like to contribute a feature or bugfix: Thanks! To make sure your fix/feature has a high chance of being included, please read the following guidelines:

  1. Post a pull request.
  2. Make sure there are tests! We will not accept any patch that is not tested. It's a rare time when explicit tests aren't needed. If you have questions about writing tests for paperclip, please open aGitHub issue.

Please see [

]( for more details on contributing and running test.

Thank you to all the contributors!


Paperclip is Copyright © 2008-2017 thoughtbot, inc. It is free software, and may be redistributed under the terms specified in the MIT-LICENSE file.

About thoughtbot


Paperclip is maintained and funded by thoughtbot. The names and logos for thoughtbot are trademarks of thoughtbot, inc.

We love open source software! See our other projects orhire us to design, develop, and grow your product.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.