In order to set up actionmailer/devise confirmation email I need to provide the details to a real gmail account:

  config.action_mailer.delivery_method = :smtp
  config.action_mailer.smtp_settings = {
    address:              'smtp.gmail.com',
    port:                 587,
    domain:               'example.com',
    user_name:            'gmailaccount@gmail.com',
    password:             'gmailpassword',
    authentication:       'plain',
    enable_starttls_auto: true
  }

But if I commit this file on github on a public repository it will be visible to the entire world.

One solution would be to make a private repository, but I don't think that is the best one. Maybe I want to share the code with other developers I don't know but I don't want them to see my email password.

The other solution would be to add the development.rb file to .gitignore. However, I think that I would like to keep it in my version control as it changes with the progression of the project and is quite important to running the app.

How can I configure actionmailer without potentially revealing my gmail password to other developers/people via github?

----------------------FIX----------------------

This is a duplicate question. I did not know how to properly search for the information.

There is a great answer on how to use environment variables here:

Rails : How to store mailer password safely?

Vlad Otrocol

2 Answers

What you generally do is:

  • version a template file (with documentation to explain each field value)
  • version a script able to generate the action file
  • declare that script as a content filter driver in a .gitattributes file (as in here)
  • store the actual value outside the git repo (that way, they cannot be pushed by mistake)

(image: smudge, from "Customizing Git Attributes" from the Git Book)

That would generate the right file with the right values.

VonC
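
The template-plus-filter approach from the answer above, as an added example that is not part of the original answer: a Ruby smudge/clean filter in which the script name, the `@@KEY@@` placeholder syntax, the driver name and the secrets file location are all assumptions.

```ruby
# Added example (hypothetical file name: secret_filter.rb). Wiring, using git's
# real filter mechanism; the driver name "mailsecrets" is chosen here:
#   .gitattributes:  config/environments/development.rb filter=mailsecrets
#   git config filter.mailsecrets.smudge "ruby secret_filter.rb smudge"
#   git config filter.mailsecrets.clean  "ruby secret_filter.rb clean"

# Parse KEY=value lines (comments and blank lines ignored) into a Hash.
def parse_secrets(text)
  text.each_line.map(&:strip)
      .select { |line| line.include?('=') && !line.start_with?('#') }
      .to_h { |line| line.split('=', 2) }
end

# smudge (checkout): replace @@KEY@@ placeholders with the real values.
# A placeholder with no value is an error, so a broken config is never written.
def smudge(content, secrets)
  content.gsub(/@@([A-Z0-9_]+)@@/) do
    key = Regexp.last_match(1)
    secrets.fetch(key) { raise KeyError, "no value for placeholder #{key}" }
  end
end

# clean (git add): put the placeholders back so real values never reach a commit.
# Longest values first, so one value that contains another is handled correctly.
def clean(content, secrets)
  secrets.reject { |_, value| value.empty? }
         .sort_by { |_, value| -value.length }
         .reduce(content) { |out, (key, value)| out.gsub(value, "@@#{key}@@") }
end

# Runs only when git invokes the script with "smudge" or "clean".
if %w[smudge clean].include?(ARGV[0])
  # Assumed location of the secrets file, outside any repository.
  path = File.expand_path(ENV.fetch('MAIL_SECRETS_FILE', '~/.mail_secrets'))
  secrets = parse_secrets(File.read(path))
  $stdout.write(send(ARGV[0], $stdin.read, secrets))
end
```

The checked-out development.rb still holds the real password on disk; the filter only keeps it out of what gets committed.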

You could encrypt that single file. That way it would be tracked in the repo, but only you could actually read it.

There is a tool named git-crypt doing that (disclaimer: I haven't used it myself).

Jan Warchoł