Filtering sensitive data with VCR

Question

I\'m using VCR gem to record http interactions and replay them in future. I want to filter-out my actual password value in the uri request. Here\'s sample of what the uri look

Answer 1

for rails 4+, if you are using secrets.yml you might want to do

VCR.configure do |config|
  Rails.application.secrets.each do |k,v|
    config.filter_sensitive_data("ENV[#{k}]") { v }
  end
end

now you're sure not to forget any

Answer 2

VCR.configure do |c|
  c.filter_sensitive_data("<SOMESITE_PASSWORD>") do
    ENV['SOMESITE_PASSWORD']
    # or $credentials['somesite']['password'] or whatever
  end
end

Essentially, you give VCR a bit of placeholder text, and then the block needs to return the real password, reading it from whatever the canonical password "repository" is.

Note that the real password is only needed the first time, when the request is recorded; on subsequent runs, it can be a fake password (as long as it's the same fake password used by the code making the request).