ryanflach

1. rails new <project_name> -d postgresql --skip-turbolinks --skip-spring -T

• -d postgresql sets up the project to use PostgreSQL
• --skip-turbolinks & --skip-spring creates a project that does not use turbolinks or spring
• -T skips the creation of the test directory and use of Test::Unit

2. In the Gemfile:

• Available to all environments:
  • gem 'figaro' - store environment variables securely across your app (docs)
  • Uncomment gem 'bcrypt', '~> 3.1.7' if you will be hosting your own user accounts with passwords (docs)
• Inside of group :test:
  • gem 'rspec-rails' - user rspec in place of minitest (docs)

pmarreck

# Encryption functions. Requires the GNUpg "gpg" commandline tool. On OS X, "brew install gnupg"
# Explanation of options here:
# --symmetric - Don't public-key encrypt, just symmetrically encrypt in-place with a passphrase.
# -z 9 - Compression level
# --require-secmem - Require use of secured memory for operations. Bails otherwise.
# cipher-algo, s2k-cipher-algo - The algorithm used for the secret key
# digest-algo - The algorithm used to mangle the secret key
# s2k-mode 3 - Enables multiple rounds of mangling to thwart brute-force attacks
# s2k-count 65000000 - Mangles the passphrase this number of times. Takes over a second on modern hardware.
# compress-algo BZIP2- Uses a high quality compression algorithm before encryption. BZIP2 is good but not compatible with PGP proper, FYI.