1

I encountered a problem with environment variables for the Rails project to pass GitLab CI. Currently, I'm using the dotenv gem to store the credentials of my project. Also, I've assigned the environment variables in the GitLab CI environment. For example, database.yml:

host: <%= ENV['DATABASE_HOST'] %>

.env file:

DATABASE_HOST=somehost

GitLab CI variable:

DATABASE_HOST=somehost

I put the .env file in .gitignore and guessed Rails would use the variables from GitLab CI, but I'm getting an access error to the database. I found a workaround: create local .env files and shared ones, as the instructions of the dotenv gem suggest, then put the local files in .gitignore and let the shared files with credentials for GitLab CI/CD be pushed to the repository.

But I'm struggling to understand how secure this approach is. And, in general, what is the best practice for using environment variables/credentials for a Rails project and GitLab CI/CD?

Alex Riabukha
  • Rails encrypted secrets really solve most of the problems that Dotenv did and don't have the risks of cleartext files (like being accidentally committed). – max Apr 29 '21 at 14:13

1 Answer

0

Ideally .env will include sensitive information in most of the cases, so it's not a good practice to commit these into any version control system.

https://dev.to/somedood/please-dont-commit-env-3o9h - Detailed guide here of the risks involved with .env file

Hemali
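A CI guard for the setup discussed in this thread, as an added example that is not part of the question or the answer: it lists the ENV variables a database.yml template references, reports the ones the CI environment leaves unset or blank, and flags dotenv files that are tracked by git. The function names, the template suffix list, and the DATABASE_USER / DATABASE_PASSWORD entries are assumptions made for illustration; the sample inputs are constructed.

```ruby
# Added example: fail the pipeline early when the config needs a variable the
# CI environment lacks, or when a real dotenv file has been committed.

# Dotenv files that hold placeholders only and may be tracked (assumed convention).
TEMPLATE_SUFFIXES = %w[.example .sample .template].freeze

# Names of ENV variables referenced in an ERB config such as database.yml.
def referenced_env_vars(erb_source)
  erb_source.scan(/ENV(?:\.fetch\(\s*|\[)\s*['"]([A-Za-z_][A-Za-z0-9_]*)['"]/).flatten.uniq
end

# Variables the config needs that the environment does not provide (unset or blank).
def missing_env_vars(erb_source, env = ENV)
  referenced_env_vars(erb_source).select { |name| env[name].to_s.strip.empty? }
end

# Tracked paths that look like real dotenv files (.env, .env.ci, config/.env ...).
def tracked_dotenv_files(paths)
  paths.select do |path|
    base = File.basename(path)
    base.match?(/\A\.env(\..+)?\z/) && TEMPLATE_SUFFIXES.none? { |s| base.end_with?(s) }
  end
end

# Constructed sample inputs (not taken from any real project).
SAMPLE_DATABASE_YML = <<~YAML
  production:
    adapter: postgresql
    host: <%= ENV['DATABASE_HOST'] %>
    username: <%= ENV.fetch("DATABASE_USER") %>
    password: <%= ENV["DATABASE_PASSWORD"] %>
YAML
SAMPLE_CI_ENV = { "DATABASE_HOST" => "somehost", "DATABASE_USER" => "app",
                  "DATABASE_PASSWORD" => "" }.freeze
SAMPLE_TRACKED = %w[Gemfile config/database.yml .env.example .env.ci config/.env].freeze

if __FILE__ == $PROGRAM_NAME
  missing = missing_env_vars(SAMPLE_DATABASE_YML, SAMPLE_CI_ENV)
  leaked  = tracked_dotenv_files(SAMPLE_TRACKED)
  puts "missing CI variables: #{missing.join(', ')}" unless missing.empty?
  puts "dotenv files tracked by git: #{leaked.join(', ')}" unless leaked.empty?
end
```

In a pipeline job, the constructed inputs would be replaced by `File.read("config/database.yml")`, the job's own `ENV`, and the output of `git ls-files` split on newlines, with a non-zero exit when either list is non-empty.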