在 Rails 应用程序中安全地提供数据库密码 [英] Securely providing the database password in a Rails app

问题描述

如您所知，您必须在 config/database.yml 文件中为数据库提供正确的数据库名称、用户名和密码，否则您的 Rails 应用程序将无法运行.

As you know, you MUST provide the correct database name, username, and password for the database in the config/database.yml file, or your Rails app will refuse to work.

在默认设置中，您的密码在 config/database.yml 文件中以纯文本形式显示.如果您的应用位于免费的 GitHub 存储库中，那么您的密码就是公共信息.对于严肃的应用程序来说，这不是一个可行的选择.(如果您不将此密码用于其他任何用途，则可以进行教程练习.)

In the default setup, your password is in plain text in the config/database.yml file. If your app is on a free GitHub repository, then your password is public information. This is not a viable option for a serious app. (It's OK for a tutorial exercise, provided that you don't use this password for anything else.)

到目前为止，我有一个对我有用的解决方案，但我想知道是否有更好的解决方案.您可以在 https://github.com/jhsu802701/bsf 查看我部署的示例.

I have a solution that has worked for me so far, but I'm wondering if there is something better. You can see my deployed example at https://github.com/jhsu802701/bsf .

我所做的是设置 config/database.yml 文件以编程方式为开发环境提供用户名和密码.对于开发环境，我将命令添加到 config/database.yml 脚本以获取开发环境用户名(这是我使用的 Debian Linux 设置的常规用户名)和空白密码.(我给我的用户名 Postgres 超级用户权限.)对于生产环境，我在部署脚本中添加了一个命令，该命令从我帐户其他位置的文件中获取用户名和密码，并将此信息写入 config/database.yml 文件.

What I do is set up the config/database.yml file to provide the username and password for the development environment programatically. For the development environment, I add commands to the config/database.yml script to acquire the development environment username (which is my regular username for the Debian Linux setup I use) and a blank password. (I give my username Postgres superuser privileges.) For the production environment, I add a command in the deployment script that acquires the username and password from files elsewhere on my account and writes this information to the config/database.yml file.

有没有更好的解决方案?

Is there a better solution?

是否有涵盖此内容的 Ruby gem?如果没有，我正在考虑创建一个.

Is there a Ruby gem that covers this? If not, I'm thinking of creating one.

推荐答案

heroku 的做法，以及绝大多数其他 rails 商店都使用 ENV 变量

The way that heroku does it, and a vast majority of other rails shops are with ENV variables

将两个变量导出到您的环境中，

Export two variables to your environment,

export POSTGRES_USERNAME='username'
export POSTGRES_PASSWORD='password'

然后在你的 database.yml 文件中你可以做

then in your database.yml file you can do

username: <%= ENV['POSTGRES_USERNAME'] %>
password: <%= ENV['POSTGRES_PASSWORD'] %>

这篇关于在 Rails 应用程序中安全地提供数据库密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！