3

I want a safe way to store the username and password of an API without other people seeing it within my cloud9 Ruby on Rails app. Is it safe to save them as environment variables?

I know my c9 code is public but are these variables also public?

How do I access them within the rails console? I tried ENV["VARIABLE_NAME"] but this does not seem to work within the console. Is there anything else I should do?

Mohamed Yakout
  • 2,868
  • 1
  • 25
  • 45
Christoph
  • 1,347
  • 2
  • 19
  • 36
  • 1
    Does the answer at http://stackoverflow.com/questions/25927513/storing-securely-passwords-for-connection-to-db-in-opensource-projects help? – Ivar Pruijn Sep 23 '14 at 11:04
  • No, I have seen that answer but it does not make it any clearer on how I use it within the console. I also cannot get it working within my code. (for example my seed.rb file) I have a feeling these variables only work for stuff you have to start your server for? – Christoph Sep 23 '14 at 13:52

1 Answers1

7

You can define environment variables in ~/.profile. Files outside of the workspace directory /home/ubuntu/workspace are not accessible for read only users. You can do e.g.

$ echo "export SECRET=geheim" >> ~/.profile

to define the variable SECRET and then use it through ENV["SECRET"] from your application. The runners (from the "run" button) and the terminal will evaluate ~/.profile and make the environment variable available to your app.

see also Storing securely passwords for connection to DB in opensource projects

Community
  • 1
  • 1
Fabian Jakobs
  • 28,815
  • 8
  • 42
  • 39
  • Thanks, it works. One important thing to mention is that I have to run the server like you said. Also the password has no quotes which I find strange. – Christoph Sep 24 '14 at 17:25
  • You can also use the terminal. There the environment variables will also be set. – Fabian Jakobs Sep 25 '14 at 11:28