部署 Capistrano 部署 rails app 时怎么处理敏感文件?
最近在尝试使用 Capistrano 部署 rails app,但是像 database.yml 这样比较敏感的文件要怎么处理呢?
我从网上看到一些文章说要把这样的文件从 git repo 中删除,
git rm --cached config/database.yml
echo config/database.yml >> .gitignore
然后上传文件到服务器或者在部署的时候手动输入数据库的密码,看了一些文章但是没看明白,希望大牛们指点一下!
Rei
#1
2015年01月30日
其实 Rails 默认配置已经给出提示:
# As with config/secrets.yml, you never want to store sensitive information,
# like your database password, in your source code. If your source code is
# ever seen by anyone, they now have access to your database.
#
# Instead, provide the password as a unix environment variable when you boot
# the app. Read http://guides.rubyonrails.org/configuring.html#configuring-a-database
# for a full rundown on how to provide these environment variables in a
# production deployment.
#
# On Heroku and other platform providers, you may have a full connection URL
# available as an environment variable. For example:
#
# DATABASE_URL="mysql2://myuser:mypass@localhost/somedatabase"
#
# You can use this database configuration with:
#
# production:
# url: <%= ENV['DATABASE_URL'] %>
#
production:
<<: *default
database: app_production
username: app
password: <%= ENV['APP_DATABASE_PASSWORD'] %>
在 服务器上 capinstrano 的 shared 下建立一个 config 文件夹 然后将你服务器的 database.yml 放在这个目录下 在 deploy.rb 里配置
set :linked_files, %w(config/database.yml config/secrets.yml)
