Use of figaro gem (or something like dotenv) in all environments.
The Figaro config/application.yml
file with all the secrets will be git-ignored. So on every deployment server I had to manually add the file shared/config/application.yml
and then linked automatically on each deployment to the current version of the app by adding in config/deploy.rb
:
set :linked_files, %w{config/application.yml}
For development config/application.yml
is something like the following:
development:
IBRA_IDS_CONVERTER_HOST: "localhost"
IBRA_IDS_CONVERTER_PORT: "3001"
IBRA_IDS_CONVERTER_TOKEN: "fdsdfjhiljlidhfshfshr67rseet4gsd"
IBRA_DEV_DB: "ibra_development"
IBRA_DEV_DB_USERNAME: "root"
IBRA_DEV_DB_PASSWORD: "dfasdf"
IBRA_SECRET_TOKEN: b3c56aa8deed27f812f149589d7260745b05eb1b8777856eb29992c8cff042f084c1a0ae4a95a3f77032263935ceca5f2e1fe51c1fad7782dfcd7db0e8de21a2
Database secrets are also moved to environment. config/database.yml
:
development: &dev
adapter: mysql2
encoding: utf8
reconnect: false
database: <%= ENV["IBRA_DEV_DB"] %>
username: <%= ENV["IBRA_DEV_DB_USERNAME"] %>
password: <%= ENV["IBRA_DEV_DB_PASSWORD"] %>
socket: /tmp/mysql.sock
test: &test
<<: *dev
database: ibra_test
staging:
adapter: mysql2
encoding: utf8
reconnect: false
database: <%= ENV["IBRA_STAGING_DB"] %>
username: <%= ENV["IBRA_STAGING_DB_USERNAME"] %>
password: <%= ENV["IBRA_STAGING_DB_PASSWORD"] %>
production:
adapter: mysql2
encoding: utf8
reconnect: false
database: <%= ENV["IBRA_PRODUCTION_DB"] %>
username: <%= ENV["IBRA_PRODUCTION_DB_USERNAME"] %>
password: <%= ENV["IBRA_PRODUCTION_DB_PASSWORD"] %>
The same for the secret_token. config/initializer/secret_token.rb
:
Ibra::Application.config.secret_token = ENV['IBRA_SECRET_TOKEN']
As an alternative, you can as well not use Figaro and ENV and move all files with secrets like config/database.yml
or config/initializer/secret_token.rb
to the deployement servers and then link them with capistrano.
http://daniel.fone.net.nz/blog/2013/05/20/a-better-way-to-manage-the-rails-secret-token/ http://www.jamesbadger.ca/2012/12/18/generate-new-secret-token/ http://www.gotealeaf.com/blog/managing-environment-configuration-variables-in-rails