Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
How do I secure connection credentials which are used in config/database.yml. How do I secure username, password, host information for my db settings.
local: &local
adapter: mysql2
encoding: utf8
reconnect: false
username: foo
password: bar
host: localhost
You don’t. At some point you have to put this stuff in and it has to be in plaintext.
This is usually a problem during deployment where you don’t want anyone with read access to the repository to see your deployment servers db configuration.
I worked around that by having a custom capistrano task that copies (or symlinks) a database.yml from the server’s home directory into the app.
(So in my repo there is a blank database.yml and it gets overridden whenever I publish a new version by the secret version that’s already present on the server)
I wrote about this here:
http://www.tigraine.at/2011/09/25/securely-managing-database-yml-when-deploying-with-capistrano/
As for not sharing this while developing: Simply put database.yml into your .gitignore and it won’t get committed