Rails : How to store mailer password safely?
Question
Hi I have my rails app on heroku and github and am currently using a mailer in my app:
ActionMailer::Base.smtp_settings = {
:address => "smtp.gmail.com",
:port => 587,
:user_name => "myemail@gmail.com",
:password => "PasswordShouldGoHere",
:authentication => "plain",
:enable_starttls_auto => true
}
I don't want my email and password to be visible on my github account, since people can just log in and steal my info. However, if I put a fake password, then my app will give me an error on heroku when the mailer is supposed to deliver. I know I can just push up the real email and password to heroku first and then edit it and put the fake password on my github account, but is there a better way?
3 answers
solution1
48 ACCPTED 2012-11-08 19:22:24
Like other people said, you can achieve this security by using ENV variables. Here's how to do it:
config.action_mailer.smtp_settings = {
user_name: ENV["MAILER_EMAIL"],
password: ENV["MAILER_PASSWORD"]
}
Now, in production (Heroku), all you have to do is follow this guide . It basically amounts to opening your console and typing this:
heroku config:set MAILER_EMAIL=email@example.com MAILER_PASSWORD=password
In development , you can create a file inside the config/initializers folder with a suggestive name like app_env_vars.rb . Inside it, place the following:
ENV['MAILER_EMAIL'] = 'email@example.com'
ENV['MAILER_PASSWORD'] = 'password'
To prevent this newly created file from being pushed into your source control, you should add it to your .gitignore :
/config/initializers/app_env_vars.rb
However, there's a problem because initializer files are only loaded after the environment, so there's one last thing to do. Go to your environment.rb file and add the following before the Yourapp::Application.initialize! :
# Load the app's custom environment variables here, before environments/*.rb
app_env_vars = File.join(Rails.root, 'config', 'initializers', 'app_env_vars.rb')
load(app_env_vars) if File.exists?(app_env_vars)
You're done!
However, if you find all of this configuration a hassle, then I recommend using the Figaro gem . It does everything I described and more!
solution2
4 2012-11-08 17:32:34
I would recommend using figaro gem to manage configuration settings. It uses ENV to store settings and it's exactly how apps on Heroku are configured.
solution3
0 2012-11-08 18:40:55
Take a look at this Rails Apps Tutorial .
The section "Use a Gmail account" shows this example config:
config.action_mailer.smtp_settings = {
address: "smtp.gmail.com",
port: 587,
domain: "example.com",
authentication: "plain",
enable_starttls_auto: true,
user_name: ENV["GMAIL_USERNAME"],
password: ENV["GMAIL_PASSWORD"]
}
and suggests setting the variables in ~/.bashrc on your server:
export GMAIL_USERNAME="myname@gmail.com"
export GMAIL_PASSWORD="secret*"
You may need to set them somewhere else if the app server doesn't read the environment from ~/.bashrc . This is very dependent on what your app server is.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.