FrozenHeart

Reputation: 20746

Is it OK to store the DB password for the production environment in the config/database.yml file?

Is it OK to store the DB password for the production environment in the "config/database.yml" file? Or is there a more correct way to do it (maybe environment variables)?

Thanks in advance.

Upvotes: 3

Views: 1461

Answers (1)

JKillian

Reputation: 18351

It's not a good idea! One main reason is that the config/database.yml file will probably be included in some kind of source control, like a git repository. Even if the repo is private currently, you can't know for sure it won't be made public in the future and then you would have a problem on your hands!

In addition, if anyone ever gains read-access to your application's files or just a copy of your application's source, they now have your database password.

A typical solution is to set an environment variable like you suggested and then read it in the .yml file:

password: <%= ENV['DATABASE_PASSWORD'] %>

If you're using a PaaS like Heroku, this is the standard way to do things. But even this isn't a perfect solution, so evaluate your options carefully.

Upvotes: 3
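The environment-variable approach from the answer above, worked through as an added example that is not part of the original post: a constructed config/database.yml is rendered with ERB the way Rails does before parsing the YAML, then checked at startup so a missing DATABASE_PASSWORD fails loudly instead of silently becoming an empty production password. The file contents, the load_db_config and production_password! helpers are assumptions for illustration.

```ruby
require 'erb'
require 'yaml'

# Constructed sample of a config/database.yml (not from the original post).
# The production password is never written into the file; it is read from
# the environment at boot, so the file is safe to commit.
DATABASE_YML = <<~YAML
  development:
    adapter: postgresql
    database: myapp_development

  production:
    adapter: postgresql
    database: myapp_production
    username: <%= ENV.fetch('DATABASE_USERNAME', 'myapp') %>
    password: <%= ENV['DATABASE_PASSWORD'] %>
YAML

# Render the ERB tags (ENV lookups) and parse the resulting YAML,
# mirroring what Rails does when it loads config/database.yml.
def load_db_config(template = DATABASE_YML)
  rendered = ERB.new(template).result(binding)
  YAML.safe_load(rendered)
end

# Startup check (hypothetical helper): an unset ENV['DATABASE_PASSWORD']
# renders as "password: " which YAML parses as nil. Refuse to continue
# rather than connect to production with an empty password.
def production_password!(config)
  password = config.dig('production', 'password')
  if password.nil? || password.to_s.strip.empty?
    raise 'DATABASE_PASSWORD is not set; refusing to start with an empty production password'
  end
  password
end

if $PROGRAM_NAME == __FILE__
  config = load_db_config
  begin
    production_password!(config)
    puts 'production password loaded from DATABASE_PASSWORD'
  rescue RuntimeError => e
    puts "startup check failed: #{e.message}"
  end
end
```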
