 

Securely providing the database password in a Rails app

As you know, you MUST provide the correct database name, username, and password for the database in the config/database.yml file, or your Rails app will refuse to work.

In the default setup, your password is in plain text in the config/database.yml file. If your app is on a free GitHub repository, then your password is public information. This is not a viable option for a serious app. (It's OK for a tutorial exercise, provided that you don't use this password for anything else.)

I have a solution that has worked for me so far, but I'm wondering if there is something better. You can see my deployed example at https://github.com/jhsu802701/bsf .

What I do is set up the config/database.yml file to provide the username and password for the development environment programmatically. For the development environment, I add commands to the config/database.yml script to acquire the development environment username (which is my regular username for the Debian Linux setup I use) and a blank password. (I give my username Postgres superuser privileges.) For the production environment, I add a command in the deployment script that acquires the username and password from files elsewhere on my account and writes this information to the config/database.yml file.

Is there a better solution?

Is there a Ruby gem that covers this? If not, I'm thinking of creating one.

jhsu802701 asked Jun 17 '13 15:06



2 Answers

The way that Heroku does it, and the vast majority of other Rails shops, is with ENV variables.

Export two variables to your environment,

export POSTGRES_USERNAME='username'
export POSTGRES_PASSWORD='password'

then in your database.yml file you can do

username: <%= ENV['POSTGRES_USERNAME'] %>
password: <%= ENV['POSTGRES_PASSWORD'] %>
Adam Carlile answered Sep 19 '22 18:09


This is how I make it work:

On terminal/cmd:

heroku config:set YOUR_DATABASE_PASSWORD=passywordy

Then, in /config/database.yml file;

production:
  <<: *default
  password: <%= ENV['YOUR_DATABASE_PASSWORD'] %>

(This password section was generated automatically when I ran rails new my_app -d postgresql.)

cibinlik answered Sep 20 '22 18:09
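Both answers rely on Rails running config/database.yml through ERB before parsing it as YAML. The added example below (not code from either answer or from the linked project) reproduces those two steps on a constructed database.yml template, and adds the two checks a deploy should make: that no literal credential is committed in the template, and that an unset variable, which silently renders as an empty value and parses as nil, is reported before the app tries to connect.

```ruby
require "erb"
require "yaml"

# Constructed config/database.yml in the style of the answers above:
# credentials appear only as ERB tags, never as literal values.
DATABASE_YML = <<~YAML
  default: &default
    adapter: postgresql
    username: <%= ENV['POSTGRES_USERNAME'] %>
    password: <%= ENV['POSTGRES_PASSWORD'] %>

  development:
    <<: *default
    database: myapp_development

  production:
    <<: *default
    database: myapp_production
YAML

# Render the ERB tags and parse the YAML, the two steps Rails performs when it
# loads config/database.yml. Only the variables in `env` are visible to the
# template, so an unset variable behaves exactly as it would on a bare server.
def render_database_config(template, env)
  saved = ENV.to_h
  ENV.replace(env)
  YAML.safe_load(ERB.new(template).result, aliases: true)
ensure
  ENV.replace(saved) if saved
end

# An unset variable fails silently: `<%= ENV['POSTGRES_PASSWORD'] %>` renders to
# nothing and YAML reads the empty value as nil. Report such keys for rails_env.
def missing_credentials(config, rails_env, keys = %w[username password])
  section = config.fetch(rails_env)
  keys.select { |k| section[k].to_s.strip.empty? }
end

# Guard against the problem in the question: the committed template must hold
# no literal username/password, only ERB expressions (or nothing at all).
def literal_credentials(template)
  template.each_line.filter_map do |line|
    key, value = line.strip.split(/:\s*/, 2)
    next unless %w[username password].include?(key)
    line.strip unless value.nil? || value.empty? || value.start_with?("<%=")
  end
end

# Demonstration against the real process environment; prints [] when both
# POSTGRES_* variables are exported as the first answer describes.
config = render_database_config(DATABASE_YML, ENV.to_h.slice("POSTGRES_USERNAME", "POSTGRES_PASSWORD"))
puts "unset for production: #{missing_credentials(config, 'production').inspect}"
```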