Dotenv - Secure config in environment variables

Dotenv is one of those few gems which provide an easy way for dev. teams to properly and (at least semi)-securely manage their application environments.

If you’re still storing your passwords and secret keys in a config file that is chucked in with the rest of your repository, DONT.

Its always better to store everything in ENV. You don’t want your pesky co-workers to find out that your password to everything is “ilovewatchingdonkeys” right?

Right?

Dotenv if properly setup allows you to store your important configuration settings in a gitignored .env file.

Quick setup:

# Gemfile
gem 'dotenv-rails'

# in some config/initializer
require 'dotenv'
Dotenv.load

# .env
FACEBOOK_SECRET: noyoudidnt
PRODUCTION_DB_PASSWORD: thisisapassword

fb_secret = ENV["FACEBOOK_SECRET"]

# do stuff with fb_secret

Caveat: Remember to explicitly tell .gitignore to ignore .env. Its not ignored automatically