Dotenv - Secure config in environment variables
Dotenv is one of those few gems which provide an easy way for dev teams to properly and (at least semi-)securely manage their application environments.
If you’re still storing your passwords and secret keys in a config file that is chucked in with the rest of your repository, DON'T.
It's always better to store everything in ENV. You don’t want your pesky co-workers to find out that your password to everything is “ilovewatchingdonkeys”, right?
Right?
Dotenv, if properly set up, allows you to store your important configuration settings in a gitignored .env file.
Quick setup:

# Gemfile
gem 'dotenv-rails'

# in some config/initializer
require 'dotenv'
Dotenv.load

# .env
FACEBOOK_SECRET: noyoudidnt
PRODUCTION_DB_PASSWORD: thisisapassword

# anywhere in your app
fb_secret = ENV["FACEBOOK_SECRET"]
# do stuff with fb_secret

Caveat: Remember to explicitly tell .gitignore to ignore .env. It's not ignored automatically.
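
A check for the caveat above, written as an added example (not part of the original post or of the dotenv gem): it reports when a project's .env is not covered by .gitignore and lists the key names that would be committed. The helper names are hypothetical and the ignore matching is a simplification that reads only the top-level .gitignore.

```ruby
require "tmpdir"

# Simplified .gitignore check (assumption: one top-level .gitignore, no nested
# or global ignore files). As in git, the last matching pattern wins and a
# leading "!" re-includes the path.
def ignored_by?(gitignore_text, path)
  ignored = false
  gitignore_text.each_line do |line|
    pattern = line.strip
    next if pattern.empty? || pattern.start_with?("#")
    next if pattern.end_with?("/") # directory-only rule, cannot match a file
    negated = pattern.start_with?("!")
    pattern = pattern[1..] if negated
    # A pattern containing "/" is matched against the whole path, else the basename.
    target = pattern.include?("/") ? path : File.basename(path)
    flags = File::FNM_PATHNAME | File::FNM_DOTMATCH
    ignored = !negated if File.fnmatch?(pattern.delete_prefix("/"), target, flags)
  end
  ignored
end

# Key names (never values) defined in a .env file, in KEY=value or KEY: value form.
def dotenv_keys(env_text)
  env_text.each_line.map { |l| l[/\A\s*(?:export\s+)?([A-Za-z_]\w*)\s*(?:=|:\s)/, 1] }.compact
end

# Returns a list of problems for the project in +dir+; an empty list means OK.
def audit_dotenv(dir)
  env_path = File.join(dir, ".env")
  return [] unless File.exist?(env_path)
  gitignore = File.join(dir, ".gitignore")
  rules = File.exist?(gitignore) ? File.read(gitignore) : ""
  return [] if ignored_by?(rules, ".env")
  [".env is not ignored; it would commit: #{dotenv_keys(File.read(env_path)).join(', ')}"]
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir| # constructed sample project
    File.write(File.join(dir, ".env"), "FACEBOOK_SECRET: noyoudidnt\n")
    File.write(File.join(dir, ".gitignore"), "log/\ntmp/\n")
    puts audit_dotenv(dir) # reports the missing ignore rule
  end
end
```

For git's own verdict inside a real repository, `git check-ignore -v .env` prints the rule that matches, and prints nothing if none does.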