ActionMailer password security
Am I crazy, or is it a bad idea to keep my SMTP username and password for ActionMailer in the actual (development/production) config file? It seems like I should store it an enc
-
Use an application configuration file that is not stored in your repository for storing sensitive information. Here is how I've done it:
Add an
app_config.ymlin yourconfigdirectory. Its contents would look like this:smtp_password: kl240jvfslkr32rKgjlk some_other_password: 34hg9r0j0g402jg and_so_on: lkn$@gJkjgsFLK4gajAdd a
preinitializer.rbin yourconfigdirectory with the following contents:require 'yaml' APP_CONFIG = YAML.load(File.read(RAILS_ROOT + "/config/app_config.yml"))Substitute your passwords for values in the
APP_CONFIGvariable, like so:smtp_password = kl240jvfslkr32rKgjlk # old version smtp_password = APP_CONFIG['smtp_password'] # new version
Make sure you don't include
app_config.ymlin your repository, though you may want to create an example file that is checked in, just to show a sample of what should be in it. When you deploy your application, make sure thatapp_config.ymlis stored on the server. If you're using a standard Capistrano deployment, put the file in the shared folder and update your deployment task to create a symlink to it in the current release's directory.讨论(0) -
Jimmy's answer is perfect (+1), I would also note that Github has recommended .gitignore files for every language and the Rails one is here Note that it includes config/*.yml so that no config/yml file is in the respository to begin with. Probably a good move.
Use Capistrano to ask for these things upon deploy:setup the same way you should be doing for your database stuff:
task :my_silly_task do sendgrid_password = Capistrano::CLI.password_prompt("Sendgrid password: ") require 'yaml' spec = {... whatever yaml you need -- probably what Jimmy said...} run "mkdir -p #{shared_path}/config" put(spec.to_yaml, "#{shared_path}/config/mailer_config.yml") end讨论(0)
加载中...
- 热议问题