Home/ Questions/Q 8814631
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T04:10:35+00:00

Hi I have my rails app on heroku and github and am currently using

  • 0

Hi I have my rails app on heroku and github and am currently using a mailer in my app:

ActionMailer::Base.smtp_settings = {
  :address              => "smtp.gmail.com",
  :port                 => 587,
  :user_name            => "myemail@gmail.com",
  :password             => "PasswordShouldGoHere",
  :authentication       => "plain",
  :enable_starttls_auto => true
}

I don’t want my email and password to be visible on my github account, since people can just log in and steal my info. However, if I put a fake password, then my app will give me an error on heroku when the mailer is supposed to deliver. I know I can just push up the real email and password to heroku first and then edit it and put the fake password on my github account, but is there a better way?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Like other people said, you can achieve this security by using ENV variables. Here’s how to do it:

    config.action_mailer.smtp_settings = {
  user_name: ENV["MAILER_EMAIL"],
  password: ENV["MAILER_PASSWORD"]
}

    Now, in production (Heroku), all you have to do is follow this guide. It basically amounts to opening your console and typing this:

    heroku config:set MAILER_EMAIL=email@example.com MAILER_PASSWORD=password

    In development, you can create a file inside the config/initializers folder with a suggestive name like app_env_vars.rb. Inside it, place the following:

    ENV['MAILER_EMAIL'] = 'email@example.com'
ENV['MAILER_PASSWORD'] = 'password'

    To prevent this newly created file from being pushed into your source control, you should add it to your .gitignore:

    /config/initializers/app_env_vars.rb

    However, there’s a problem because initializer files are only loaded after the environment, so there’s one last thing to do. Go to your environment.rb file and add the following before the Yourapp::Application.initialize!:

    # Load the app's custom environment variables here, before environments/*.rb
app_env_vars = File.join(Rails.root, 'config', 'initializers', 'app_env_vars.rb')
load(app_env_vars) if File.exists?(app_env_vars)

    You’re done!

    However, if you find all of this configuration a hassle, then I recommend using the Figaro gem. It does everything I described and more!

    • 0