Where are secrets.yaml?

A

Anton Misyagin2015-05-27 16:51:58

Ruby on Rails

Anton Misyagin, 2015-05-27 16:51:58

All private data is stored in this file. Then, if necessary, I substitute the value of the secret value somewhere in the code and it is substituted where necessary on the fly. What's the point of this? Convenient of course. 1 Everything in one place 2 if you need to ask something on the forum and attach a piece of the source code - no need to worry about posting something private in public. Then everyone writes that this file does not need to be uploaded to the repository, for example here: capistranorb.com/documentation/getting-started/pre... highlighted in red. So on the server, it will still appear and someone can access it except me. So the question is what is the main purpose of this file? Does it somehow add security? If so, how? How to use it correctly?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

T

thepry, 2015-05-27
@thepry

The point is that the file will be stored only on the server.
Yes, and you must configure the rights on the server so that the file is available only to those you trust.

_

_ _, 2015-05-27
@AMar4enko

When it comes to repositories, we mean primarily public ones.
Very often, keys from third-party APIs, or even worse, get into public repositories.
For example, there was a case when they used AWS keys found in public repositories on github to run virtual machines and then mined bitcoins on them. And people got bills under $10,000.
About the server - I wonder if you have a passage yard there? Ideally, only the continuous integration system or deploy user, in the case of Capistrano, should have access to the server.