在Rails应用程序中安全地提供数据库密码 [英] Securely providing the database password in a Rails app

问题描述

如你所知，你必须在config / database.yml文件中为数据库提供正确的数据库名称，用户名和密码，否则你的Rails应用程序将拒绝工作。

在默认设置中，您的密码是在config / database.yml文件中的纯文本。如果你的应用程序在一个免费的GitHub存储库，那么你的密码是公共信息。这不是一个严重的应用程序的可行选择。 （对于教程练习，这是没有问题的，前提是你不使用此密码为其他任何东西。）

我有一个解决方案，迄今为止已经为我工作，但我想知道是否有更好的东西。您可以在 https://github.com/jhsu802701/bsf 查看我已部署的示例。

我所做的是设置config / database.yml文件，为程序开发环境提供用户名和密码。对于开发环境，我向config / database.yml脚本添加命令以获取开发环境用户名（这是我使用的Debian Linux设置的常规用户名）和空白密码。 （我给我的用户名Postgres超级用户权限。）对于生产环境，我在部署脚本中添加一个命令，从我的帐户的其他地方的文件获取用户名和密码，并将此信息写入config / database.yml文件。 p>

有更好的解决方案吗？

如果没有，我想创建一个。

解决方案

heroku的方式，商店有ENV变量

将两个变量导出到您的环境中，

  export POSTGRES_USERNAME ='username'
 export POSTGRES_PASSWORD ='password'
  

.yml文件你可以做

 用户名：<％= ENV ['POSTGRES_USERNAME']％> 
密码：<％= ENV ['POSTGRES_PASSWORD']％> 
  

As you know, you MUST provide the correct database name, username, and password for the database in the config/database.yml file, or your Rails app will refuse to work.

In the default setup, your password is in plain text in the config/database.yml file. If your app is on a free GitHub repository, then your password is public information. This is not a viable option for a serious app. (It's OK for a tutorial exercise, provided that you don't use this password for anything else.)

I have a solution that has worked for me so far, but I'm wondering if there is something better. You can see my deployed example at https://github.com/jhsu802701/bsf .

What I do is set up the config/database.yml file to provide the username and password for the development environment programatically. For the development environment, I add commands to the config/database.yml script to acquire the development environment username (which is my regular username for the Debian Linux setup I use) and a blank password. (I give my username Postgres superuser privileges.) For the production environment, I add a command in the deployment script that acquires the username and password from files elsewhere on my account and writes this information to the config/database.yml file.

Is there a better solution?

Is there a Ruby gem that covers this? If not, I'm thinking of creating one.

解决方案

The way that heroku does it, and a vast majority of other rails shops are with ENV variables

Export two variables to your environment,

export POSTGRES_USERNAME='username'
export POSTGRES_PASSWORD='password'

then in your database.yml file you can do

username: <%= ENV['POSTGRES_USERNAME'] %>
password: <%= ENV['POSTGRES_PASSWORD'] %>

这篇关于在Rails应用程序中安全地提供数据库密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！