Dotenv is one of those few gems that provide an easy way for dev teams to
properly and (at least semi-)securely manage their application environments.
If you’re still storing your passwords and secret keys in a config file that is
chucked in with the rest of your repository, DON’T.
It’s always better to store everything in ENV. You don’t want your pesky
co-workers to find out that your password to everything is
Dotenv, if properly set up, allows you to store your important configuration
settings in a gitignored .env file.
```ruby
# Gemfile
gem 'dotenv-rails'

# in some config/initializer
require 'dotenv'
Dotenv.load
```

```
# .env
FACEBOOK_SECRET: noyoudidnt
PRODUCTION_DB_PASSWORD: thisisapassword
```

```ruby
fb_secret = ENV["FACEBOOK_SECRET"]
# do stuff with fb_secret
```
Caveat: Remember to explicitly tell .gitignore to ignore .env. It’s not ignored automatically.
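
One way to turn this caveat into an automated check, as an added example that is not part of the original post or of the dotenv gem. The method names `ignored_by_gitignore?` and `check_env_file!` are hypothetical, and the matcher is a simplified approximation of git's rules that assumes a root-level .env and reads only the top-level .gitignore.

```ruby
# Added example: simplified .gitignore check for a root-level .env file.
# Assumption: only the repository's top-level .gitignore is consulted.

# True when the last matching pattern in gitignore_text ignores `path`.
def ignored_by_gitignore?(gitignore_text, path = ".env")
  flags = File::FNM_PATHNAME | File::FNM_DOTMATCH
  ignored = false
  gitignore_text.each_line do |raw|
    pattern = raw.strip
    next if pattern.empty? || pattern.start_with?("#")

    negated = pattern.start_with?("!")
    pattern = pattern[1..] if negated
    next if pattern.end_with?("/")        # directory-only pattern, cannot match a file
    pattern = pattern.delete_prefix("/")  # leading slash anchors to the repo root

    # Later patterns override earlier ones, so "!.env" after ".env" re-includes it.
    ignored = !negated if File.fnmatch(pattern, path, flags)
  end
  ignored
end

# Hypothetical guard for a boot script or CI step.
def check_env_file!(root = Dir.pwd)
  return :no_env_file unless File.exist?(File.join(root, ".env"))

  gitignore = File.join(root, ".gitignore")
  rules = File.exist?(gitignore) ? File.read(gitignore) : ""
  raise ".env exists in #{root} but .gitignore does not ignore it" unless ignored_by_gitignore?(rules)

  :ignored
end
```

`git check-ignore -v .env` gives the authoritative answer, and a file that was already committed stays tracked even after it is added to .gitignore.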