Rails 3 email password in environment.rb? Is clicking git safe?

Question

Rails 3 email password in environment.rb? Is clicking git safe?

I am sure that I should not publish my email password in the public git repository in the environment.rb file. Is there a way to avoid this by not including the entire file in .gitignore?

+4

security ruby-on-rails

chris May 28 '11 at 12:54

source share

3 answers

I also discovered another way that could be simpler:

configurations / Initializers / setup_mail.rb. There are the following applications (for example) for gmail:

 ActionMailer::Base.smtp_settings = { :enable_starttls_auto => true, :address => 'smtp.gmail.com', :port => 587, :domain => 'domain.name', :authentication => :plain, :user_name => ' namd@domain.name ', :password => 'secret' }

Then just add the .gitignore file. This way you only edit 2 (not 3) files.

0

chris May 30, '11 at 13:13

source share

Here is what I use:

 instance_eval File.read "#{ Rails.root }/config/confidential.rb"

and secret.rb is a file, for example:

 config.pass1 = '1234' config.pass2 = '54r235'

0

Dawid grzesiak Jul 05 '12 at 11:19

source share

moritz · Accepted Answer · 2011-05-28T12:59:11+0000

You can save your email credentials in another config / email.credentials.yml file:

host: ... username: ... password: ... ...

and in the environment.rb file just load them (for example):

 YAML.load_file("#{Rails.root}/config/email.credentials.yml")['username']

then you should mention the credential file in the .gitignore file.

In addition, if you deploy the application on multiple servers, you can check if the file exists in the initializer and otherwise cause an error. This way you will make sure that the application does not start if there is no mail configuration file.

Rails 3 email password in environment.rb? Is clicking git safe?

More articles: