Rails - where do I store config values?

Question

Where is the best place for storing configuration values (keys, passwords or just config values) in a Ruby on Rails application? I've searched a lot and didn't find the answer I thought the right one.

Answer 1

passwords (for the application) should be dealt with by an authentication/authorization gem such as Devise, Clearance, authLogic, etc.

Variables you want available through the ruby code of a given request to the application can be stored in global variables. Class level fixed values can be stored in constants. In rails as controllers inherit from application_controller you can define class level constants there. Check the Ruby language for the exact rules of inheritance for these variable types of variables.

In reality it's best practice not to do this at all or avoid it when possible and many good programmers will avoid this like the plague. It means your code blocks aren't encapsulated - the actions are now dependant on outside values and it increases coupling by making many items dependant on one thing that may change outside of their scope.

Answer 2

If it involves passwords, I would recommend you store the data in an external file so you can avoid committing the sensitive data to your repository. Then you can load the data into memory by reading the file in an initializer, e.g.:

config/my_secrets.yml:

development:
  password: abcdefgh
test:
  password: abcdefgh

config/initializers/load_my_config.rb:

MY_CONFIG = YAML.load_file("#{Rails.root.to_s}/config/my_secrets.yml")[Rails.env]

Now you can access your password in any environment by accessing MY_CONFIG['password']. The production password can be kept solely on the server (and in another secure location).

For non-sensitive data I would just place the data directly in an initializer.