I have a suspicion that your problem is caused by Phusion Passenger (therefore, in production). The passenger is known for not setting environment variables.
This SO> problem offers two solutions: hardcoding values ββor overriding the Ruby shell used by Passenger.
I would suggest a third option: expanding environment variables during deployment. This is pretty much delayed hardcoding, but leaves your passwords out of your code.
You should execute this bash bit immediately after deployment:
mv config/environments/production.rb config/environments/production.before_sed.rb env | sed 's/[\%]/\\&/g;s/\([^=]*\)=\(.*\)/s%ENV\\[\\"\1\\"\\]%\2%/' > script/expand_env_vars.sed.script cat config/environments/production.before_sed.rb | sed -f script/expand_env_vars.sed.script > config/environments/production.rb
Here is the equivalent task of deploying Capistrano (many shoots ahead!):
desc "Replace environment variables with hardcoded values in config files" task :replace_env_vars, roles: :app do run "mv #{release_path}/config/environments/production.rb #{release_path}/config/environments/production.before_sed.rb" run 'env | sed \'s/[\%]/\\&/g;s/\([^=]*\)=\(.*\)/s%ENV\\\[\\\"\1\\\"\\\]%\\\"\2\\\"%/\' > ' + "#{release_path}/script/expand_env_vars.sed.script" run "cat #{release_path}/config/environments/production.before_sed.rb | sed -f #{release_path}/script/expand_env_vars.sed.script > #{release_path}/config/environments/production.rb" end after "deploy:update_code", "deploy:replace_env_vars"
However, for Capistrano you do not have the same environment variables set in the SSH session that it uses for deployment (it does not execute .bashrc, / etc / profile ...). You must re-export them to ~/.ssh/environment and add the following parameter to /etc/ssh/sshd_config :
PermitUserEnvironment yes
These latest instructions were found there . I personally documented my issue a bit on my new blog .
Hope this helps fix some security issues for you :)
adipasquale
source share