Where to put secure passwords / keys in rails app?

Question

Where to put secure passwords / keys in rails app?

I have several web services that require secure tokens / keys / passwords. Where should I define these safe values for my rails application? I want development keys in version control, but I don't want production keys in version control. How do I set this up? I am new to rails.

+4

security ruby-on-rails

Bradford Jun 05 '11 at 19:24

source share

3 answers

apneadiving is right, a symbolic link to files is a good idea. Another approach is to put the keys in shell variables that are accessible only to the user starting the application. Then in your rails application you will have

 login = ENV['SERVICE_LOGIN'] password = ENV['SERVICE_PASSWORD']

+4

Evgeny shadchnev Jun 05 '11 at 19:46

source share

In Rails 4.1.0, go to secrets.yml .

0

user456584 Apr 16 '14 at 19:25

source share

apneadiving · Accepted Answer · 2011-06-05T19:42:15+0000

You see the question correctly.

Put your passwords and keys in some yml file excluded from version control.

Then, on your production server, create the same file and add a symbolic application to it each time you deploy.

EDIT.

Capistrano is almost ready to meet these needs:

put your yml files in shared folder

In the capistrano deploy.rb file:

 after 'deploy' do run "ln -s #{shared_path}/database.yml #{release_path}/config/database.yml" end

for working with yml files: http://railscasts.com/episodes/85-yaml-configuration-file

Where to put secure passwords / keys in rails app?

More articles: