I’m using this gem to access Google Docs in my app.
https://github.com/gimite/google-drive-ruby
I log in to my Google account like this:
session = GoogleDrive.login("username@gmail.com", "mypassword")
This gem is then stored in my tasks folder and deployed with my app to Heroku.
Is this safe? Should I be storing a password in plain text like this?
If not, what are the alternatives?
Heroku lets you set config variables that will become environment variables on the Heroku dyno. In terms of safety, it’s not really much more safe — as a similar exploit could gain access to static file contents as could gain access to the environment, but this seems to be the preferred way of managing privileged credentials. See https://devcenter.heroku.com/articles/config-vars#setting-up-config-vars-for-a-deployed-application
The one advantage of using Heroku’s config over storing the credentials in your codebase is that you can manage who has access to them via Heroku’s access controls, rather than having to manage through both Heroku as well as managing who has access to the codebase.
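One way to apply the config-var approach described in the answer above, as an added example that is not part of the original question or answer: the task reads the account credentials from the environment, fails fast when a variable is unset, keeps the password out of `inspect` output, and a small check flags any remaining literal `GoogleDrive.login("...", "...")` call in source. The variable names `GOOGLE_DRIVE_USERNAME` and `GOOGLE_DRIVE_PASSWORD`, the `Secret` class and both helper functions are assumptions made for this example.

```ruby
# Added example: read the Google account credentials from environment
# variables (Heroku config vars) instead of string literals in the task file.
# GOOGLE_DRIVE_USERNAME / GOOGLE_DRIVE_PASSWORD are assumed names.

class MissingCredential < StandardError; end

# Wraps a secret so it does not leak through inspect/to_s (logs, error pages).
class Secret
  def initialize(value)
    @value = value.dup.freeze
  end

  def reveal
    @value
  end

  def to_s
    "[REDACTED]"
  end
  alias inspect to_s
end

# env is injectable so the loader can be exercised without touching real ENV.
def load_drive_credentials(env = ENV)
  missing = %w[GOOGLE_DRIVE_USERNAME GOOGLE_DRIVE_PASSWORD].select do |key|
    env[key].to_s.strip.empty?
  end
  unless missing.empty?
    # Name the missing variable; never echo a value.
    raise MissingCredential, "config var(s) not set: #{missing.join(', ')}"
  end
  { username: env["GOOGLE_DRIVE_USERNAME"],
    password: Secret.new(env["GOOGLE_DRIVE_PASSWORD"]) }
end

# Matches GoogleDrive.login called with two quoted string literals.
HARDCODED_LOGIN = /GoogleDrive\.login\(\s*["'][^"']*["']\s*,\s*["'][^"']*["']\s*\)/

# Returns the 1-based line numbers in source that hard-code the login.
def hardcoded_login_lines(source)
  source.each_line.with_index(1).select { |line, _| line =~ HARDCODED_LOGIN }
        .map { |_, n| n }
end

# In the task file, the call from the question would become:
#   creds   = load_drive_credentials
#   session = GoogleDrive.login(creds[:username], creds[:password].reveal)
```

The values are set once per app with `heroku config:set`, as the linked config-vars article describes. A password that was already committed stays in the repository history, so it should be changed after moving it out of the code.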