在Rails应用程序中安全地提供数据库密码[英] Securely providing the database password in a Rails app

本文是小编为大家收集整理的关于在Rails应用程序中安全地提供数据库密码的处理/解决方法,可以参考本文帮助大家快速定位并解决问题,中文翻译不准确的可切换到English标签页查看源文。

问题描述

如您所知,您必须为config/database.yml文件中的数据库提供正确的数据库名称,用户名和密码,或者您的Rails应用程序将拒绝工作.

在默认设置中,您的密码在config/database.yml文件中使用纯文本.如果您的应用程序位于免费的GITHUB存储库中,则您的密码是公共信息.对于严重的应用程序而言,这不是可行的选择. (只要您不将此密码用于其他任何内容,都可以进行教程练习.)

我有一个解决方案到目前为止对我有用的解决方案,但是我想知道是否有更好的东西.您可以在 https://github.com/jhsu802701/bsf .

上看到我部署的示例.

我要做的是设置config/database.yml文件,以编程为开发环境提供用户名和密码.对于开发环境,我将命令添加到config/database.yml脚本以获取开发环境用户名(这是我使用的Debian Linux设置的常规用户名)和一个空白密码. (我给我的用户名postgres superuser特权.)对于生产环境,我在部署脚本中添加了一个命令,该命令从我的帐户上其他地方的文件中获取用户名和密码,并将此信息写入config/database.yml文件.

有更好的解决方案吗?

有没有覆盖此的红宝石宝石?如果没有,我正在考虑创建一个.

推荐答案

Heroku做到的方式,而绝大多数其他铁路商店都与Env变量

将两个变量导出到您的环境,

export POSTGRES_USERNAME='username'
export POSTGRES_PASSWORD='password'

然后在数据库中.您可以做

username: <%= ENV['POSTGRES_USERNAME'] %>
password: <%= ENV['POSTGRES_PASSWORD'] %>

其他推荐答案

这就是我使其工作的方式:

在终端/cmd上:

heroku config:set YOUR_DATABASE_PASSWORD=passywordy

然后,在/config/database.yml file;

production:
<<: *default
password: <%= ENV['YOUR_DATABASE_PASSWORD'] %>

(当我使用Rails New My_App -d PostgreSQL时,将自动生成此密码区域)

其他推荐答案

除了Heroku导出以外,您将变量变量(Linux)通过输入bash(linux) export KEY=value 然后,您可以通过ENV['KEY']

将其称为Rails

例如.
在狂欢中:
export CMS_DATABASE_PASSWORD=MySecurePassword
在secrets.ym中:
password: <%= ENV['CMS_DATABASE_PASSWORD'] %>

本文地址:https://www.itbaoku.cn/post/597682.html

问题描述

As you know, you MUST provide the correct database name, username, and password for the database in the config/database.yml file, or your Rails app will refuse to work.

In the default setup, your password is in plain text in the config/database.yml file. If your app is on a free GitHub repository, then your password is public information. This is not a viable option for a serious app. (It's OK for a tutorial exercise, provided that you don't use this password for anything else.)

I have a solution that has worked for me so far, but I'm wondering if there is something better. You can see my deployed example at https://github.com/jhsu802701/bsf .

What I do is set up the config/database.yml file to provide the username and password for the development environment programatically. For the development environment, I add commands to the config/database.yml script to acquire the development environment username (which is my regular username for the Debian Linux setup I use) and a blank password. (I give my username Postgres superuser privileges.) For the production environment, I add a command in the deployment script that acquires the username and password from files elsewhere on my account and writes this information to the config/database.yml file.

Is there a better solution?

Is there a Ruby gem that covers this? If not, I'm thinking of creating one.

推荐答案

The way that heroku does it, and a vast majority of other rails shops are with ENV variables

Export two variables to your environment,

export POSTGRES_USERNAME='username'
export POSTGRES_PASSWORD='password'

then in your database.yml file you can do

username: <%= ENV['POSTGRES_USERNAME'] %>
password: <%= ENV['POSTGRES_PASSWORD'] %>

其他推荐答案

This is how I make it work:

On terminal/cmd:

heroku config:set YOUR_DATABASE_PASSWORD=passywordy

Then, in /config/database.yml file;

production:
<<: *default
password: <%= ENV['YOUR_DATABASE_PASSWORD'] %>

(this password area is automatically generated when I used rails new my_app -d postgresql)

其他推荐答案

On other than heroku export you variables to system environment (linux) by typing in bash export KEY=value Then you can call it in Rails by ENV['KEY']

e.g.
in bash:
export CMS_DATABASE_PASSWORD=MySecurePassword
in secrets.yml:
password: <%= ENV['CMS_DATABASE_PASSWORD'] %>