Rails存储第三方凭据。任何人知道最佳实践？ [英] Rails storing third party credentials.. Anyone know best practice?

问题描述

我已经阅读了一堆其他相关问题...没有什么似乎可以回答我的问题。

I've read a pile of other related questions... nothing really seems to answer the question I have.

我的应用程式会整合多个不同的第三方网站。 （ebay，paypal，google，amazon ...）它是一个产品管理系统，它推动产品的所有地方...

My application will integrate with several different third party sites. (ebay, paypal, google, amazon...) It is a product management system and it pushes products all over the place...

当然，因为它与所有这些网站，它需要用户名，密码，令牌..现在我不认为这是一个好主意，存储这些东西，但我仍然需要能够让他们原始，所以我可以嵌入他们在我发送的XML中，或者HTTP头。

Of course since it interacts with all these sites, it needs usernames, passwords, tokens.. ect.. Now I don't think it's really a good idea to store these things raw, but I still need to be able to get them raw, so I can embed them in the XML I send, or the HTTP header.

有没有人建议如何储存资讯？有轨道GEM吗？

Does anyone have a suggestion on how to store the info? Is there a rails GEM?

推荐答案

服务器环境变量是根据十二进制将凭据存储到数据库，第三方凭据等的最佳做法-Factor App 方法。如何存储它们取决于您使用的是什么以及如何设置它。这有助于保持信任不受源控制，出数据库和本地到服务器环境。要访问环境变量，可以使用 ENV ，例如：

Storing in server environment variables is the best practice for storing credentials to the DB, third-party credentials, etc. according to Twelve-Factor App methodology. How to store them depends on what you are using and how you have it setup. This promotes keeping creds out of source control, out of the database, and local to the server environment. To access an environment variable, you can use ENV, e.g.:

ENV['something']

这篇关于Rails存储第三方凭据。任何人知道最佳实践？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！