Rails: How to store mailer password safely?

Problem description

Hi I have my rails app on heroku and github and am currently using a mailer in my app:

ActionMailer::Base.smtp_settings = {
  :address              => "smtp.gmail.com",
  :port                 => 587,
  :user_name            => "myemail@gmail.com",
  :password             => "PasswordShouldGoHere",
  :authentication       => "plain",
  :enable_starttls_auto => true
}

I don't want my email and password to be visible on my github account, since people can just log in and steal my info. However, if I put a fake password, then my app will give me an error on heroku when the mailer is supposed to deliver. I know I can just push up the real email and password to heroku first and then edit it and put the fake password on my github account, but is there a better way?

Recommended answer

Like other people said, you can achieve this security by using ENV variables. Here's how to do it:

config.action_mailer.smtp_settings = {
  user_name: ENV["MAILER_EMAIL"],
  password: ENV["MAILER_PASSWORD"]
}

Now, in production (Heroku), all you have to do is follow this guide. It basically amounts to opening your console and typing this:

heroku config:set MAILER_EMAIL=email@example.com MAILER_PASSWORD=password

In development, you can create a file inside the config/initializers folder with a suggestive name like app_env_vars.rb. Inside it, place the following:

ENV['MAILER_EMAIL'] = 'email@example.com'
ENV['MAILER_PASSWORD'] = 'password'

To prevent this newly created file from being pushed into your source control, you should add it to your .gitignore:

/config/initializers/app_env_vars.rb

However, there's a problem because initializer files are only loaded after the environment, so there's one last thing to do. Go to your environment.rb file and add the following before the Yourapp::Application.initialize!:

# Load the app's custom environment variables here, before environments/*.rb
app_env_vars = File.join(Rails.root, 'config', 'initializers', 'app_env_vars.rb')
# File.exist? is used because File.exists? was removed in Ruby 3.2
load(app_env_vars) if File.exist?(app_env_vars)

All done!

However, if you find all of this configuration a hassle, then I recommend using the Figaro gem. It does everything I described and more!
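
Added example, not part of the original answer: ENV["MAILER_PASSWORD"] returns nil when the variable was never set, so a missing credential only shows up as an SMTP error at delivery time. The sketch below builds the same settings from the environment but stops at boot when a variable is unset or blank, and gives a redacted copy for logging. The function and class names are hypothetical; the SMTP values are the ones from the question.

```ruby
# Added example (not from the original answer): build the SMTP settings from
# environment variables and fail at boot if a credential is missing.
REQUIRED_MAILER_VARS = %w[MAILER_EMAIL MAILER_PASSWORD].freeze

class MissingMailerCredential < StandardError; end

# env is injectable so the function can be exercised without touching ENV.
def smtp_settings_from_env(env = ENV)
  missing = REQUIRED_MAILER_VARS.select { |name| env[name].to_s.strip.empty? }
  unless missing.empty?
    # Name the variables in the error, never their values.
    raise MissingMailerCredential, "unset or blank: #{missing.join(', ')}"
  end

  {
    address:              "smtp.gmail.com",
    port:                 587,
    user_name:            env["MAILER_EMAIL"],
    password:             env["MAILER_PASSWORD"],
    authentication:       "plain",
    enable_starttls_auto: true
  }
end

# Copy of the settings that is safe to log or print while debugging.
def redacted_smtp_settings(settings)
  settings.merge(password: settings[:password] ? "[REDACTED]" : nil)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not real credentials.
  sample = { "MAILER_EMAIL" => "email@example.com", "MAILER_PASSWORD" => "password" }
  puts redacted_smtp_settings(smtp_settings_from_env(sample)).inspect
  begin
    smtp_settings_from_env({ "MAILER_EMAIL" => "email@example.com" })
  rescue MissingMailerCredential => e
    puts "boot would stop: #{e.message}"
  end
end
```

In a Rails app this would be wired in as config.action_mailer.smtp_settings = smtp_settings_from_env, assuming the helper is loaded before the environment files.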
