Reputation: 2665
When pushing to GitHub, I want to .gitignore my database.yaml file so that I don't publicly expose my production database password. But I need that password to be available to Heroku for when the app is running in production.
I could set environment variables in Heroku, but that strikes me as insecure. Anyone able to get on my computer could run a single command in the terminal and reveal the password variable.
When dealing with GitHub and Heroku, is it possible to write code that specifies that certain files should be ignored when pushing to GitHub but not ignored when pushing to Heroku?
Upvotes: 0
Views: 551
Reputation: 2068
Once someone gets access to your host, it's basically over. Either approach, environment variables or a database.yml file, will still be retrievable if someone has access to your box.
I would recommend using environment variables in Heroku to store your database credentials. As you know, you should never check production credentials into any repository.
Upvotes: 1
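As an added illustration of the environment-variable approach the answer recommends (not code from either post): a database config that can be committed because it only names the variable, a check that flags a file carrying a literal secret, and a loader that fails closed when the variable is missing. The variable name `DATABASE_URL`, the helper names and all sample values are assumptions made for this example.

```ruby
require "erb"
require "yaml"
require "uri"

# Constructed config that is safe to commit: it names the environment
# variable holding the credentials instead of containing them.
COMMITTED_YML = <<~YAML
  production:
    adapter: postgresql
    url: <%= ENV.fetch("DATABASE_URL") %>
YAML

# Constructed "before" file: the kind that must stay out of the repository.
LEAKY_YML = <<~YAML
  production:
    adapter: postgresql
    password: hunter2
YAML

# True if a password/url key is assigned a literal instead of an ERB lookup.
def hardcoded_secret?(template)
  template.each_line.any? do |line|
    m = line.match(/^\s*(password|url):\s*(\S.*)$/)
    m && !m[2].start_with?("<%=")
  end
end

# Render the template against the process environment and return one section.
# Fails closed: a missing variable raises instead of yielding a blank value.
def load_db_config(template, env_name)
  YAML.safe_load(ERB.new(template).result).fetch(env_name)
rescue KeyError => e
  raise "database config incomplete: #{e.message}"
end

# Connection URL with the password masked, so it can be written to logs.
def redacted(url)
  uri = URI.parse(url)
  uri.password = "REDACTED" if uri.password
  uri.to_s
end

# Demo with a constructed value standing in for the variable set on the host.
ENV["DATABASE_URL"] ||= "postgres://app:s3cret@db.example.invalid:5432/app_production"
puts redacted(load_db_config(COMMITTED_YML, "production")["url"])
puts "leaky file flagged: #{hardcoded_secret?(LEAKY_YML)}"
```
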