
Rails : How to store mailer password safely?

Hi, I have my Rails app on Heroku and GitHub and am currently using a mailer in my app:

ActionMailer::Base.smtp_settings = {
  :address              => "smtp.gmail.com",
  :port                 => 587,
  :user_name            => "[email protected]",
  :password             => "PasswordShouldGoHere",
  :authentication       => "plain",
  :enable_starttls_auto => true
}

I don't want my email and password to be visible on my GitHub account, since people can just log in and steal my info. However, if I put a fake password, then my app will give me an error on Heroku when the mailer is supposed to deliver. I know I can just push up the real email and password to Heroku first and then edit it and put the fake password on my GitHub account, but is there a better way?

asked Nov 08 '12 17:11
bigpotato


2 Answers

Like other people said, you can achieve this security by using ENV variables. Here's how to do it:

config.action_mailer.smtp_settings = {
  user_name: ENV["MAILER_EMAIL"],
  password: ENV["MAILER_PASSWORD"]
}

Now, in production (Heroku), all you have to do is follow this guide. It basically amounts to opening your console and typing this:

heroku config:set MAILER_EMAIL=[email protected] MAILER_PASSWORD=password

In development, you can create a file inside the config/initializers folder with a suggestive name like app_env_vars.rb. Inside it, place the following:

ENV['MAILER_EMAIL'] = '[email protected]'
ENV['MAILER_PASSWORD'] = 'password'

To prevent this newly created file from being pushed into your source control, you should add it to your .gitignore:

/config/initializers/app_env_vars.rb

However, there's a problem because initializer files are only loaded after the environment, so there's one last thing to do. Go to your environment.rb file and add the following before the Yourapp::Application.initialize!:

# Load the app's custom environment variables here, before environments/*.rb
app_env_vars = File.join(Rails.root, 'config', 'initializers', 'app_env_vars.rb')
load(app_env_vars) if File.exist?(app_env_vars)

You're done!

However, if you find all of this configuration a hassle, then I recommend using the Figaro gem. It does everything I described and more!

answered Nov 08 '22 23:11
Ashitaka
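
Added example, not part of the answer above: `ENV["MAILER_PASSWORD"]` silently returns `nil` when the variable is unset, so a misconfigured deploy only fails when the first mail is sent. The sketch below builds the same settings hash but fails at boot and masks the password for logging; the names `mailer_smtp_settings`, `loggable_settings` and `MissingMailerConfig` are hypothetical, and the sample values are constructed.

```ruby
# Added example: build the SMTP settings from environment variables and
# fail at boot, not at first delivery, when one of them is missing.
REQUIRED_MAILER_VARS = %w[MAILER_EMAIL MAILER_PASSWORD].freeze

# Hypothetical error class for this example.
class MissingMailerConfig < StandardError; end

# env is any Hash-like object: ENV in the app, a plain Hash in tests.
def mailer_smtp_settings(env = ENV)
  # Treat unset, empty and whitespace-only values as missing.
  missing = REQUIRED_MAILER_VARS.select { |key| env[key].to_s.strip.empty? }
  unless missing.empty?
    # Name the variables in the error, never their values.
    raise MissingMailerConfig,
          "missing environment variables: #{missing.join(', ')}"
  end

  {
    address:              "smtp.gmail.com",
    port:                 587,
    user_name:            env["MAILER_EMAIL"],
    password:             env["MAILER_PASSWORD"],
    authentication:       "plain",
    enable_starttls_auto: true
  }
end

# Returns a copy that is safe to log; the original hash is not modified.
def loggable_settings(settings)
  settings.merge(password: "[FILTERED]")
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not real credentials.
  sample = { "MAILER_EMAIL"    => "mailer@example.test",
             "MAILER_PASSWORD" => "constructed-secret" }
  puts loggable_settings(mailer_smtp_settings(sample)).inspect

  begin
    mailer_smtp_settings({ "MAILER_EMAIL" => "mailer@example.test" })
  rescue MissingMailerConfig => e
    puts e.message
  end
end
```

In a Rails app the hash returned by `mailer_smtp_settings` would be assigned to `config.action_mailer.smtp_settings` in place of the literal hash.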


I would recommend using the figaro gem to manage configuration settings. It uses ENV to store settings and it's exactly how apps on Heroku are configured.

answered Nov 08 '22 23:11
lest