How Do You Secure database.yml?

Question

Within Ruby on Rails applications database.yml is a plain text file that stores database credentials.

When I deploy my Rails applications I have an after deploy callback

Answer 1

You'll also want to make sure that your SSH system is well secured to prevent people from logging in as your Capistrano bot. I'd suggest restricting access to password-protected key pairs.

Encrypting the .yml file on the server is useless since you have to give the bot the key, which would be stored . . . on the same server. Encrypting it on your machine is probably a good idea. Capistrano can decrypt it before sending.