0

can I have a password in config/application.rb if I upload to a public github repository?

I am setting up a contact form and have a password to a particular email for that project there. If I push to github will this be public? Where can I learn what branches are public and which ones are private from a rails app?

I'm rather new to rails so simple terms would be appreciated.

I have something like so:

class Application < Rails::Application

config.action_mailer.smtp_settings = {
  :address              => "mail.domain.com",
  :port                 => 587,
  :domain               => "domain.com",
  :user_name            => "events@domain.com",
  :password             => "password",
  :authentication       => :plain,
  :enable_starttls_auto => true
}

config.action_mailer.default_url_options = {
  :host => "www.domain.com"
}

end

user3597950
  • 9,201
  • 6
  • 26
  • 35

1 Answers1

1

It is better to put your env variables and passwords in .env files. In main app folder create file .env (. is important). Then in this file define your password:

export PASSWORD="yourpasswordhere"

and then use it in any file within config folder as follows:

:password       => ENV['PASSWORD']

In order to use it you will need to install dotenv gem. Also do not forget to add these files into .gitignore.

EDIT: regarding private/public. If you have public account on Github - everything you push will be public. So using the approach I demonstrated you'll make sure, that your passwords and important variables never visible to public.

Andrey Deineko
  • 51,333
  • 10
  • 112
  • 145
  • Also note that simply removing the password from your config and committing is not sufficient from a security perspective, as Git will remember what used to be committed. I recommend changing your passwords if they have every been committed in addition to removing them from your config file. – ChrisGPT was on strike Aug 08 '14 at 12:55