Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Rails : How to store mailer password safely?

Tags:

ruby-on-rails

Hi I have my rails app on heroku and github and am currently using a mailer in my app:

ActionMailer::Base.smtp_settings = {
  :address              => "smtp.gmail.com",
  :port                 => 587,
  :user_name            => "[email protected]",
  :password             => "PasswordShouldGoHere",
  :authentication       => "plain",
  :enable_starttls_auto => true
}

I don't want my email and password to be visible on my github account, since people can just log in and steal my info. However, if I put a fake password, then my app will give me an error on heroku when the mailer is supposed to deliver. I know I can just push up the real email and password to heroku first and then edit it and put the fake password on my github account, but is there a better way?

like image 458
bigpotato Avatar asked Nov 08 '12 17:11

bigpotato

2 Answers

Like other people said, you can achieve this security by using ENV variables. Here's how to do it:

config.action_mailer.smtp_settings = {
  user_name: ENV["MAILER_EMAIL"],
  password: ENV["MAILER_PASSWORD"]
}

Now, in production (Heroku), all you have to do is follow this guide. It basically amounts to opening your console and typing this:

heroku config:set [email protected] MAILER_PASSWORD=password

In development, you can create a file inside the config/initializers folder with a suggestive name like app_env_vars.rb. Inside it, place the following:

ENV['MAILER_EMAIL'] = '[email protected]'
ENV['MAILER_PASSWORD'] = 'password'

To prevent this newly created file from being pushed into your source control, you should add it to your .gitignore:

/config/initializers/app_env_vars.rb

However, there's a problem because initializer files are only loaded after the environment, so there's one last thing to do. Go to your environment.rb file and add the following before the Yourapp::Application.initialize!:

# Load the app's custom environment variables here, before environments/*.rb
app_env_vars = File.join(Rails.root, 'config', 'initializers', 'app_env_vars.rb')
load(app_env_vars) if File.exists?(app_env_vars)

You're done!

However, if you find all of this configuration a hassle, then I recommend using the Figaro gem. It does everything I described and more!

like image 143
Ashitaka Avatar answered Nov 08 '22 23:11

Ashitaka

I would recommend using figaro gem to manage configuration settings. It uses ENV to store settings and it's exactly how apps on Heroku are configured.

like image 4
lest Avatar answered Nov 08 '22 23:11

lest
Sign in to Comment

Related questions

How to round a time to the nearest 15 minute segment
How to send argument to class in Quartz.Net
Twig access object
Generating a random hex string (of length 50) in Java ME/J2ME
Associating git commits with Team Foundation work items
Service variable not updating in controller
db.collection.update( ) all documents
How to align PanelGrid to center? JSF-Primefaces
Read text file from C# Resources
Deny access to specific file types in specific directory
Empty querysets in Django
How to avoid public access to private fields?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!