Quick gem to help with passwords
31 views
Skip to first unread message
Michael Graff
Feb 21, 2013, 11:43:47 AM2/21/13
to rubyonrails-talk
I've created a small gem called multa_arcana (latin for "Many Secrets") which allows one to store all Rails secrets in one file, which should not be checked into revision control, but other files then can be. Source is on https://github.com/skandragon/multa_arcana
Usage:
add to Gemfile: gem 'multa_arcana'
Create a file to hold the secrets: config/secrets.yml
While the filename can be changed, it is somewhat hard to do so without modifying a file that is loaded fairly early, like application.rb. I just use the default. Currently to change this, one must pass in a file to load on the first call to retrieve a secret. API suggestions welcome.
Place in this file the various secrets your rails app needs to keep secret:
db_username: john
db_password: my-super-secret-db-password
secret_token: lkasjdlkqjlkas...la9u9203udkd
redis: redis://user:password-for-redis@host
devise_pepper: 239ru2ij3jf9u02dhis...92930d02hdhdlka3
Use it wherever you need to:
config/database.yml:
production:
adapter: postgresql
encoding: unicode
database: thing_production
pool: 5
host: 127.0.0.1
username: <% MultaArcana::secret_for(:db_username) %>
password: <% MultaArcana::secret_for(:db_password) %>
config/initializers/secret_token.rb:
Thing::Application.config.secret_token = MultaArcana::secret_for(:secret_token)
Robert Walker
Feb 21, 2013, 12:22:17 PM2/21/13
to rubyonra...@googlegroups.com
Michael Graff wrote in post #1098246:
https://github.com/binarylogic/settingslogic
--
Posted via http://www.ruby-forum.com/.
> I've created a small gem called multa_arcana (latin for "Many Secrets")
> which allows one to store all Rails secrets in one file, which should
> not
> be checked into revision control, but other files then can be. Source
> is
> on https://github.com/skandragon/multa_arcana
Interesting, but what advantage does this have over...
> which allows one to store all Rails secrets in one file, which should
> not
> be checked into revision control, but other files then can be. Source
> is
> on https://github.com/skandragon/multa_arcana
https://github.com/binarylogic/settingslogic
--
Posted via http://www.ruby-forum.com/.
Michael Graff
Feb 21, 2013, 12:28:21 PM2/21/13
to rubyonra...@googlegroups.com
Probably none, but "settingslogic" didn't appear in my search when I looked for ways to store secrets in a single file. :)
Robert Walker
Feb 22, 2013, 9:16:38 AM2/22/13
to rubyonra...@googlegroups.com
Michael Graff wrote in post #1098252:
shared it with the community. That's AWESOME! I considered doing
something similar, until I ran across SettingsLogic.
> Posted by unknown (Guest) on 2013-02-22 09:05
> Why not just use environment variables?
Yes, environment variables are certainly an option, but I really like
the consistent API, and baked-in support for different environments that
SettingLogic provides.
> Probably none, but "settingslogic" didn't appear in my search when I
> looked
> for ways to store secrets in a single file. :)
Sure there is advantage to writing your own gem. You wrote it, and
> looked
> for ways to store secrets in a single file. :)
shared it with the community. That's AWESOME! I considered doing
something similar, until I ran across SettingsLogic.
> Posted by unknown (Guest) on 2013-02-22 09:05
> Why not just use environment variables?
Yes, environment variables are certainly an option, but I really like
the consistent API, and baked-in support for different environments that
SettingLogic provides.
Michael Graff
Feb 23, 2013, 9:02:05 PM2/23/13
to rubyonra...@googlegroups.com
Because environment variables show up in process lists.
derek.m...@gmail.com
Feb 24, 2013, 10:22:50 AM2/24/13
to rubyonra...@googlegroups.com
If it's an issue of security...if somebody is already looking at your processes, what's keeping them from cd'ing to your application's config directory and reading secrets.yml?
Reply all
Reply to author
Forward
0 new messages