priya

Reputation: 26699

How to secure database credentials present in database.yml

How do I secure connection credentials which are used in config/database.yml? How do I secure username, password, host information for my db settings?

local: &local
  adapter: mysql2
  encoding: utf8
  reconnect: false
  username: foo
  password: bar
  host: localhost

Upvotes: 4

Views: 2048

Answers (1)

Tigraine

Reputation: 23648

You don't. At some point you have to put this stuff in and it has to be in plaintext.

This is usually a problem during deployment, where you don't want anyone with read access to the repository to see your deployment server's db configuration.

I worked around that by having a custom Capistrano task that copies (or symlinks) a database.yml from the server's home directory into the app. (So in my repo there is a blank database.yml and it gets overridden whenever I publish a new version by the secret version that's already present on the server.)

I wrote about this here: http://www.tigraine.at/2011/09/25/securely-managing-database-yml-when-deploying-with-capistrano/

As for not sharing this while developing: simply put database.yml into your .gitignore and it won't get committed.

Upvotes: 6
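
The deploy step described in the answer above, as an added example that is not code from the answer or its linked post: a plain-Ruby helper (hypothetical name `link_database_config`, assumed paths, no Capistrano API) that symlinks the server-side database.yml into a release. The two refusals, for a secret file readable by group or others and for a repository copy that contains a password, are additions for illustration.

```ruby
require "fileutils"
require "tmpdir"

class InsecureConfigError < StandardError; end

# Hypothetical helper, not part of Capistrano: the server-side step a deploy
# task would run after checking out a release.
#   secret_path  - database.yml kept outside the repository (assumed location)
#   release_path - root of the freshly checked-out application
def link_database_config(secret_path, release_path)
  raise InsecureConfigError, "#{secret_path} is missing" unless File.file?(secret_path)

  # The file is plaintext by necessity, so only its owner may read it.
  mode = File.stat(secret_path).mode & 0o777
  unless (mode & 0o077).zero?
    raise InsecureConfigError, format("%s has mode %o, expected 600", secret_path, mode)
  end

  # The copy from the repository must stay blank: a password there means a
  # credential was committed and is readable by everyone with repo access.
  target = File.join(release_path, "config", "database.yml")
  if File.file?(target) && !File.symlink?(target) &&
     File.read(target).match?(/^\s*password:\s*\S/)
    raise InsecureConfigError, "#{target} from the repository contains a password"
  end

  FileUtils.mkdir_p(File.dirname(target))
  FileUtils.ln_sf(secret_path, target) # replace the blank file with the link
  target
end

if __FILE__ == $PROGRAM_NAME
  # Constructed demo in a temporary directory; values are the question's own.
  Dir.mktmpdir do |dir|
    secret = File.join(dir, "database.yml")
    File.write(secret, "production:\n  adapter: mysql2\n  username: foo\n  password: bar\n")
    File.chmod(0o600, secret)
    release = File.join(dir, "release")
    FileUtils.mkdir_p(File.join(release, "config"))
    File.write(File.join(release, "config", "database.yml"), "")
    puts File.readlink(link_database_config(secret, release))
  end
end
```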
