ActionMailer password security

前端 未结 2 1684
暖寄归人
暖寄归人 2021-02-14 11:03

Am I crazy, or is it a bad idea to keep my SMTP username and password for ActionMailer in the actual (development/production) config file? It seems like I should store it an enc

2条回答
  •  误落风尘
    2021-02-14 11:23

    Jimmy's answer is perfect (+1), I would also note that Github has recommended .gitignore files for every language and the Rails one is here Note that it includes config/*.yml so that no config/yml file is in the respository to begin with. Probably a good move.

    Use Capistrano to ask for these things upon deploy:setup the same way you should be doing for your database stuff:

    task :my_silly_task do 
        sendgrid_password = Capistrano::CLI.password_prompt("Sendgrid password: ")
        require 'yaml'
        spec =  {... whatever yaml you need -- probably what Jimmy said...}
        run "mkdir -p #{shared_path}/config" 
        put(spec.to_yaml, "#{shared_path}/config/mailer_config.yml") 
    end
    

提交回复
热议问题