Re: [Rails] Remove passwords from database.yml in rails 2.3.8 application?

Ruby on Rails Sunday, November 1, 2015

Robert Nicholson <robert.nicholson@gmail.com> writes:

> We have a 2.3.8 application that has hard coded passwords in the database.yml file.
>
> If we were to use erb to bring these in from a file outside where in the initialization steps
> do I load the file to populate the variable I wish to interpolate?
>
> When I tried to do so in config/environment.rb the erb usage said the variable I use trying to interpolate was not defined.
>
> Trying something similar to what is advocated here
>
> http://rubyrobot.github.io/blog/2014/04/08/secure-rails-deployment-and-passwords-best-practices/

Generally, in projects I've worked on, these variables come from the
environment:

production:
# ...
username: <%= ENV['DB_USER'] %>
password: <%= ENV['DB_PASS'] %>


The actual environment variables would be up to you and your team, of
course.


--
Tamara Temple
tamouse@gmail.com
http://www.tamouse.org

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/m2a8qxnkl4.fsf%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Posted by Ruby on Rails at 7:31 PM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)