0

I have a very simple Rails app that sends out a welcome email when the user signs up. I'm using my gmail account to send the message, and I have the password for my gmail account stored in the app, as shown below:

application.rb

require File.expand_path('../boot', __FILE__)

require 'rails/all'

if defined?(Bundler)
  # If you precompile assets before deploying to production, use this line
  Bundler.require(*Rails.groups(:assets => %w(development test)))
  # If you want your assets lazily compiled in production, use this line
  # Bundler.require(:default, :assets, Rails.env)
end

ENV.update YAML.load(File.read(File.expand_path('../application.yml', __FILE__)))

module TestMailApp
  class Application < Rails::Application

    config.action_mailer.smtp_settings = {
      :address              => "smtp.gmail.com",
      :port                 => 587,
      :domain               => "my address",
      :user_name            => "my_gmail_name",
      :password             => ENV["MAIL_PASSWORD"],
      :authentication       => :plain,
      :enable_starttls_auto => true
    }

    config.action_mailer.default_url_options = {
      :host => "my address"
    }


application.yml

MAIL_PASSWORD: "my_password"


I want to hide the password stored in the application.yml file in my git repository. I tried adding the application.yml to my gitignore file, but that just crashes my app.

How do I hide this password in my git repository so that my app still works, and I don't have to put my app into a private repository?

user1429496
  • 313
  • 1
  • 6
  • 20
  • Duplicate of duplicates =] http://stackoverflow.com/questions/3605866/hide-password-when-checking-config-file-in-git (also, off of stackoverflow: http://ejohn.org/blog/keeping-passwords-in-source-control/) – Pete Scott Jul 14 '13 at 18:29
  • Take a look at [this](http://stackoverflow.com/questions/15978253/rails-how-to-store-passwords-for-other-services) – Althaf Hameez Jul 14 '13 at 18:29
  • Adding `application.yml` seems to me like just the thing you need to do. How does that crash your app? I would've thought the app would be completely agnostic of the git repo... – Emil Lundberg Jul 14 '13 at 21:24
  • possible duplicate of [What is the best practice for dealing with passwords in github?](http://stackoverflow.com/questions/2397822/what-is-the-best-practice-for-dealing-with-passwords-in-github) –  Jul 20 '13 at 19:54

3 Answers3

4

You basically can't. That sort of info is best stored as an environment variable on the server, or in a config file that you don't add to git.

Matt Gibson
  • 14,616
  • 7
  • 47
  • 79
  • you cannot have it stored in the git repo and have it hidden from other users of the repo. that is true. but you can have the file in your .gitingore and have a local version lying around in your clone of the repo (on the server). it will not be version controlled, but this probably exactly what you want for credentials. see http://stackoverflow.com/a/17484565/2536029 – mnagel Jul 15 '13 at 09:18
2

my exemple for sendgrid:

development.rb

  if ENV['SENDGRID_USERNAME']
    config.action_mailer.smtp_settings = {
        :address => 'smtp.sendgrid.net',
        :domain => 'heroku.com',
        :port => '587',
        :authentication => :plain,
        :user_name => ENV['SENDGRID_USERNAME'],
        :password => ENV['SENDGRID_PASSWORD']
    }
  end

on your server edit bash profile:

nano .bash_profile

and add your value:

export SENDGRID_USERNAME=yourusername
export SENDGRID_PASSWORD=yourpassword

after this on my local machine I have to close all console windows and open it again to initialize these env variables and you are good to go. If you do this on vps you probably need to restart your vps, not sure.

rmagnum2002
  • 11,341
  • 8
  • 49
  • 86
0

Try using dotenv gem https://rubygems.org/gems/dotenv . By mentioning .env files in .gitignore you can achieve your desired result.

Karthikeyan A K
  • 61
  • 6