ActionMailer password security

暖寄归人 2021-02-14 11:03

Am I crazy, or is it a bad idea to keep my SMTP username and password for ActionMailer in the actual (development/production) config file? It seems like I should store it an enc

2 Answers
  •  误落风尘
    2021-02-14 11:23

    Jimmy's answer is perfect (+1), I would also note that GitHub has recommended .gitignore files for every language, and the Rails one is here. Note that it includes config/*.yml so that no config/yml file is in the repository to begin with. Probably a good move.

    Use Capistrano to ask for these things upon deploy:setup the same way you should be doing for your database stuff:

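    require 'yaml'

    # Prompt for the secret at deploy time so it never lives in the repository.
    task :my_silly_task do
        sendgrid_password = Capistrano::CLI.password_prompt("Sendgrid password: ")
        # ... whatever yaml you need -- probably what Jimmy said ...
        spec = {}
        run "mkdir -p #{shared_path}/config"
        # Write the generated config to the shared directory on the server.
        put(spec.to_yaml, "#{shared_path}/config/mailer_config.yml")
    end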
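
The consuming side of the approach in the answer above, as an added example that is not part of the original post: a loader for the `mailer_config.yml` written at deploy time that rejects a file other local accounts can read. The flat YAML layout, the function names and the error class are assumptions; the key names are ActionMailer's `smtp_settings` options.

```ruby
require 'yaml'

# Assumed file layout: a flat YAML mapping using ActionMailer's smtp_settings keys.
REQUIRED_KEYS = %i[address port user_name password].freeze

class MailerConfigError < StandardError; end

# Load SMTP settings from the file the deploy task wrote, refusing a file that
# is missing, readable by other local accounts, or incomplete.
def load_mailer_settings(path)
  raise MailerConfigError, "#{path} not found" unless File.file?(path)

  mode = File.stat(path).mode & 0o777
  unless (mode & 0o077).zero?
    raise MailerConfigError, format('%s has mode %04o, expected 0600', path, mode)
  end

  # safe_load refuses arbitrary object tags; Symbol is allowed because
  # Hash#to_yaml writes symbol keys as ":address:".
  data = YAML.safe_load(File.read(path), permitted_classes: [Symbol])
  raise MailerConfigError, "#{path} is not a YAML mapping" unless data.is_a?(Hash)

  settings = data.each_with_object({}) { |(k, v), out| out[k.to_s.to_sym] = v }
  missing = REQUIRED_KEYS.select { |k| settings[k].to_s.strip.empty? }
  raise MailerConfigError, "#{path} lacks #{missing.join(', ')}" unless missing.empty?

  settings
end

# Copy of the settings that is safe to log.
def redact(settings)
  settings.merge(password: '[FILTERED]')
end

# In a Rails initializer (path is an assumption about where the file is linked):
#   ActionMailer::Base.smtp_settings = load_mailer_settings('config/mailer_config.yml')
```

The error messages name the file and the missing keys but never include the values read from it.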
    
