0

I am setting up a redirection through SendGrid for the mails sent by my rails application. However I am not really satisfied with the way I'm told to store the credentials.

As it is specified there, they suggest to overwrite ActionMailers defaults in the config/environment.rb file. I've found out that my predecessor created a initializers/smtp.rb file where he defined the previous settings, but by discovering this file, I discovered the SMTP password...

If I modify any of these files, anuone having access to the git repository will have access to the credentials (including the front-end and back-end freelances we work with).

I was thinking of creating a file that would stay on the server's shared folder (like the database.yml file) and that would be symlinked to the app each time we deploy thanks to capistrano.

What do you think of it? Would it be okay to just move this initializers/smtp.rb to the server's shared folder and symlink it when deploying?

André Medeiros
  • 810
  • 4
  • 13
ldavin
  • 423
  • 2
  • 5
  • 16

2 Answers2

1

My suggestion (what I've seen done):

Move API keys and sensitive info into a yml file under config/.

Load this yml file into a variable, for instance

KEYS = YAML::load(File.open("#{RAILS_ROOT}/config/config.yml"))

Voila.

Also, when putting your code up on GitHub for example, this config.yml would be something you add to the .gitignore. Instead, make a config-example.yml and tell your developers to get their own keys and passwords and such, storing them in their local config.yml.

varatis
  • 14,494
  • 23
  • 71
  • 114
  • 1
    Then I would add a small capistrano recipe to symlink a version of this file (stored on the server) to the config/ directory ? – ldavin Jul 06 '12 at 15:53
1

Environmental variables are the best way if you're on *nix

Stick your variables in .bashrc file like so:

// no need for quotation marks
export GMAIL_USER=my_gmail_user_name@gmail.com
export GMAIL_PASSWORD=my_gmail_password

And call them in your smtp initializer like so:

ActionMailer::Base.smtp_settings = {
  :user_name            => ENV['GMAIL_USER'],
  :password             => ENV['GMAIL_PASSWORD']
}

Restart bash and your rails app. All should work. Heroku have a good article on how to use env variables on their network.

stephenmurdoch
  • 34,024
  • 29
  • 114
  • 189
  • I think Apache does not prevent you to use environment variables. I mean I don't see how. – sites Jun 01 '13 at 19:43