Dotenv - Secure config in environment variables

Dotenv is one of those few gems which provide an easy way for dev. teams to
properly and (at least semi)-securely manage their application environments.

If you’re still storing your passwords and secret keys in a config file that is
chucked in with the rest of your repository, DONT.

Its always better to store everything in ENV. You don’t want your pesky
co-workers to find out that your password to everything is
“ilovewatchingdonkeys” right?


Dotenv if properly setup allows you to store your important configuration
settings in a gitignored .env file.

Quick setup:

# Gemfile
gem 'dotenv-rails'

# in some config/initializer
require 'dotenv'

# .env

fb_secret = ENV["FACEBOOK_SECRET"]

# do stuff with fb_secret

Caveat: Remember to explicitly tell .gitignore to ignore .env. Its not ignored automatically