Hi, I have my Rails app on Heroku and GitHub and am currently using a mailer in my app:
ActionMailer::Base.smtp_settings = {
  :address => "smtp.gmail.com",
  :port => 587,
  :user_name => "[email protected]",
  :password => "PasswordShouldGoHere",
  :authentication => "plain",
  :enable_starttls_auto => true
}
I don't want my email and password to be visible on my GitHub account, since people can just log in and steal my info. However, if I put a fake password, then my app will give me an error on Heroku when the mailer is supposed to deliver. I know I can just push up the real email and password to Heroku first and then edit it and put the fake password on my GitHub account, but is there a better way?
Like other people said, you can achieve this security by using ENV variables. Here's how to do it:
config.action_mailer.smtp_settings = {
  user_name: ENV["MAILER_EMAIL"],
  password: ENV["MAILER_PASSWORD"]
}
Now, in production (Heroku), all you have to do is follow this guide. It basically amounts to opening your console and typing this:
heroku config:set MAILER_EMAIL=[email protected] MAILER_PASSWORD=password
In development, you can create a file inside the config/initializers folder with a suggestive name like app_env_vars.rb. Inside it, place the following:
ENV['MAILER_EMAIL'] = '[email protected]'
ENV['MAILER_PASSWORD'] = 'password'
To prevent this newly created file from being pushed into your source control, you should add it to your .gitignore:
/config/initializers/app_env_vars.rb
However, there's a problem because initializer files are only loaded after the environment, so there's one last thing to do. Go to your environment.rb file and add the following before the Yourapp::Application.initialize! line:
# Load the app's custom environment variables here, before environments/*.rb
app_env_vars = File.join(Rails.root, 'config', 'initializers', 'app_env_vars.rb')
load(app_env_vars) if File.exist?(app_env_vars)
You're done!
However, if you find all of this configuration a hassle, then I recommend using the Figaro gem. It does everything I described and more!
I would recommend using the figaro gem to manage configuration settings. It uses ENV to store settings and it's exactly how apps on Heroku are configured.
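The ENV-based setup from the answers above, as an added Ruby example that is not part of the original posts: it builds the question's full SMTP settings from MAILER_EMAIL and MAILER_PASSWORD, raising at boot when either is unset rather than on first delivery, and it flags config lines that still hardcode a credential. The helper names smtp_settings_from_env and hardcoded_credential_lines are hypothetical, and all sample values are constructed.

```ruby
# Added example: helper names are hypothetical, not from the original answers.
REQUIRED_MAILER_VARS = %w[MAILER_EMAIL MAILER_PASSWORD].freeze

# Build the SMTP settings from environment variables. Raises at boot,
# naming every missing variable, instead of failing on first delivery.
def smtp_settings_from_env(env = ENV)
  missing = REQUIRED_MAILER_VARS.select { |key| env[key].to_s.strip.empty? }
  unless missing.empty?
    raise KeyError, "missing mailer environment variables: #{missing.join(', ')}"
  end

  {
    address: "smtp.gmail.com",
    port: 587,
    user_name: env["MAILER_EMAIL"],
    password: env["MAILER_PASSWORD"],
    authentication: "plain",
    enable_starttls_auto: true
  }
end

# Matches a credential key assigned a quoted literal, in either hash syntax
# (:password => "..." or password: "..."). ENV[...] lookups do not match.
LITERAL_CREDENTIAL =
  /(?::(?:password|user_name)\s*=>|\b(?:password|user_name):)\s*["']/

# Return the 1-based line numbers of Ruby source that hardcode a credential,
# suitable for a pre-commit check on config files.
def hardcoded_credential_lines(source)
  source.each_line.with_index(1)
        .select { |line, _number| line.match?(LITERAL_CREDENTIAL) }
        .map(&:last)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not real credentials.
  sample_env = { "MAILER_EMAIL" => "dev@example.test",
                 "MAILER_PASSWORD" => "constructed-secret" }
  p smtp_settings_from_env(sample_env)[:user_name]
  sample_source = %(:password => "constructed-secret"\npassword: ENV["MAILER_PASSWORD"]\n)
  p hardcoded_credential_lines(sample_source)
end
```

In a Rails app the first helper would be called as `config.action_mailer.smtp_settings = smtp_settings_from_env` in the environment config.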