7

I have designed an emailer and the SMTP gateway has authentication id and password which resides in the code. Now, I want to commit them to heroku but not to github. There are multiple collaborators on the project. So, I can create a new branch and keep the keys there and deploy it to heroku. This branch stays only locally and does not make it to github. However, if I follow this method, then all collaborators have to maintain a local branch for heroku and always follow the following procedure for deployment: 1. commit changes on master 2. merge master and heroku branches 3. deploy heroku branch

This seems error-prone and repititive. Not elegant.

The other way that occurred to me is to make a commit with the authentication values, push to heroku and then revert the commit. However, I think the authentication values will still make it github, if I do this. Even if github does not have the authentication values, it has to be done every time a collaborator pushes any new feature.

Please suggest.

dknight
  • 1,243
  • 10
  • 23

2 Answers2

8

You should be able to put your sensitive information into configuration variables in heroku, and then reference those config/environment variables, instead of directly using the passwords, etc. See Configuration and Config Vars on the Heroku Dev Center.

bdukes
  • 152,002
  • 23
  • 148
  • 175
  • Thanks for the reply. I will look into the link and see if it solves my issue. However, in case I plan to use some other hosting, what do I do then? Is there a more generic solution to this kind of problem? – dknight May 29 '12 at 21:28
  • I think in general most hosting like this will allow you to setup environment variables. – bdukes May 29 '12 at 21:30
1

Would it work to move the passwords from the code, into Heroku config values?

GIt Deployment + Configuration Files + Heroku

Community
  • 1
  • 1
geon
  • 8,128
  • 3
  • 34
  • 41