Rails : How to store mailer password safely?

Question

Hi I have my rails app on heroku and github and am currently using a mailer in my app:

ActionMailer::Base.smtp_settings = {
  :address              => "smtp.gmail.com",
  :port                 => 587,
  :user_name            => "myemail@gmail.com",
  :password             => "PasswordShouldGoHere",
  :authentication       => "plain",
  :enable_starttls_auto => true
}

I don't want my email and password to be visible on my github account, since people can just log in and steal my info. However, if I put a fake password, then my app will give me an error on heroku when the mailer is supposed to deliver. I know I can just push up the real email and password to heroku first and then edit it and put the fake password on my github account, but is there a better way?

I've read about that. Can you tell me how/where exactly environment variables are set? — bigpotato, Nov 08 '12 at 17:29

Ashitaka · Accepted Answer · 2016-11-21T10:47:52.450

Like other people said, you can achieve this security by using ENV variables. Here's how to do it:

config.action_mailer.smtp_settings = {
  user_name: ENV["MAILER_EMAIL"],
  password: ENV["MAILER_PASSWORD"]
}

Now, in production (Heroku), all you have to do is follow this guide. It basically amounts to opening your console and typing this:

heroku config:set MAILER_EMAIL=email@example.com MAILER_PASSWORD=password

In development, you can create a file inside the config/initializers folder with a suggestive name like app_env_vars.rb. Inside it, place the following:

ENV['MAILER_EMAIL'] = 'email@example.com'
ENV['MAILER_PASSWORD'] = 'password'

To prevent this newly created file from being pushed into your source control, you should add it to your .gitignore:

/config/initializers/app_env_vars.rb

However, there's a problem because initializer files are only loaded after the environment, so there's one last thing to do. Go to your environment.rb file and add the following before the Yourapp::Application.initialize!:

# Load the app's custom environment variables here, before environments/*.rb
app_env_vars = File.join(Rails.root, 'config', 'initializers', 'app_env_vars.rb')
load(app_env_vars) if File.exists?(app_env_vars)

You're done!

However, if you find all of this configuration a hassle, then I recommend using the Figaro gem. It does everything I described and more!

I'm having this problem. Net::SMTPAuthenticationError in Devise::PasswordsController#create — xirukitepe, Jun 22 '13 at 09:34

score 4 · Answer 2 · answered Nov 08 '12 at 17:32

4

I would recommend using figaro gem to manage configuration settings. It uses ENV to store settings and it's exactly how apps on Heroku are configured.

answered Nov 08 '12 at 17:32

lest

7,780
2
24
22

score 0 · Answer 3 · answered Nov 08 '12 at 18:40

Take a look at this Rails Apps Tutorial.

The section "Use a Gmail account" shows this example config:

config.action_mailer.smtp_settings = {
  address: "smtp.gmail.com",
  port: 587,
  domain: "example.com",
  authentication: "plain",
  enable_starttls_auto: true,
  user_name: ENV["GMAIL_USERNAME"],
  password: ENV["GMAIL_PASSWORD"]
}

and suggests setting the variables in ~/.bashrc on your server:

export GMAIL_USERNAME="myname@gmail.com"
export GMAIL_PASSWORD="secret*"

You may need to set them somewhere else if the app server doesn't read the environment from ~/.bashrc. This is very dependent on what your app server is.

Rails : How to store mailer password safely?

3 Answers3

Linked