I guess maybe I answered above, but for the sake of answers instead of comments:
- I think you should be able to modify the expiry by setting fog_authenticated_url_expiration in your carrierwave config.
- Yes, if you want separate public files, you should just have a separate bucket and possibly distribution.
- What are you getting back out from this authenticated_url? Sounds like it isn't what you expect, but knowing what it is should help.
Thanks.