ActionMailer password security

前端 未结 2 1682
暖寄归人
暖寄归人 2021-02-14 11:03

Am I crazy, or is it a bad idea to keep my SMTP username and password for ActionMailer in the actual (development/production) config file? It seems like I should store it an enc

2条回答
  •  鱼传尺愫
    2021-02-14 11:15

    Use an application configuration file that is not stored in your repository for storing sensitive information. Here is how I've done it:

    1. Add an app_config.yml in your config directory. Its contents would look like this:

      smtp_password: kl240jvfslkr32rKgjlk
      some_other_password: 34hg9r0j0g402jg
      and_so_on: lkn$@gJkjgsFLK4gaj
      
    2. Add a preinitializer.rb in your config directory with the following contents:

      require 'yaml'
      APP_CONFIG = YAML.load(File.read(RAILS_ROOT + "/config/app_config.yml"))
      
    3. Substitute your passwords for values in the APP_CONFIG variable, like so:

      smtp_password = kl240jvfslkr32rKgjlk # old version
      smtp_password = APP_CONFIG['smtp_password'] # new version
      

    Make sure you don't include app_config.yml in your repository, though you may want to create an example file that is checked in, just to show a sample of what should be in it. When you deploy your application, make sure that app_config.yml is stored on the server. If you're using a standard Capistrano deployment, put the file in the shared folder and update your deployment task to create a symlink to it in the current release's directory.

提交回复
热议问题