Filtering sensitive data with VCR

Question

I'm using VCR gem to record http interactions and replay them in future. I want to filter-out my actual password value in the uri request. Here's sample of what the uri looks like:

http://services.somesite.com/Services.asmx/Cabins
Username=long&Password=john&StartDate=03%2F22%2F2012&EndDate=03%2F29%2F2012

Though an explanation is provided here, I'm still not sure how to do it after a few attempts myself:

https://www.relishapp.com/myronmarston/vcr/v/2-0-0/docs/configuration/filter-sensitive-data

Any help would be appreciated.

Answer 1

Updated answer for Rails 6+ with encrypted secrets, based on @montrealmike's answer:

VCR.configure do |config|
  Rails.application.credentials.config.each do |k, v|
    config.filter_sensitive_data("ENV[#{k}]") { v }
  end
end

The only change was replacing Rails.application.secrets for Rails.application.credentials.config.

Answer 2

for rails 4+, if you are using secrets.yml you might want to do

VCR.configure do |config|
  Rails.application.secrets.each do |k,v|
    config.filter_sensitive_data("ENV[#{k}]") { v }
  end
end

now you're sure not to forget any

Answer 3

VCR.configure do |c|
  c.filter_sensitive_data("<SOMESITE_PASSWORD>") do
    ENV['SOMESITE_PASSWORD']
    # or $credentials['somesite']['password'] or whatever
  end
end

Essentially, you give VCR a bit of placeholder text, and then the block needs to return the real password, reading it from whatever the canonical password "repository" is.

Note that the real password is only needed the first time, when the request is recorded; on subsequent runs, it can be a fake password (as long as it's the same fake password used by the code making the request).