Is it secure to store passwords as environment variables (rather than as plain text) in config files?

by

As mentioned before, both methods do not provide any layer of additional “security” once your system is compromised. I believe that one of the strongest reasons to favor environment variables is version control: I’ve seen way too many database configurations etc. being accidentially stored in the version control system like GIT for every other developer to see (and whoops! it happened to me as well …).

Not storing your passwords in files makes it impossible for them to be stored in the version control system.

More Related Contents:

  1. Setting Environment Variables in Rails 3 (Devise + Omniauth)
  2. Looking for suggestions for building a secure REST API within Ruby on Rails
  3. Capistrano and environment variables
  4. Where to store sensitive data in public rails app?
  5. Mysql2::Error::ConnectionError: Access denied for user
  6. Convert string to XXX
  7. Rails :include vs. :joins
  8. How can I rename a database column in a Ruby on Rails migration?
  9. How to get a random number in Ruby
  10. Ruby on Rails form_for select field with class
  11. Specifying rails version to use when creating a new application
  12. Rails: What’s a good way to validate links (URLs)?
  13. Rails 3 SQLite3 Boolean false
  14. Validate the number of has_many items in Ruby on Rails
  15. ruby 2.0 rails gem install error “cannot load such file — openssl”
  16. Making a table row into a link in Rails
  17. How to match accented characters with a regex?
  18. ‘require’: cannot load such file — ‘nokogiri\nokogiri’ (LoadError) when running `rails server`
  19. Suppress Ruby warnings when running specs
  20. How do I create an average from a Ruby array?
  21. Redis + ActionController::Live threads not dying
  22. f.error_messages in Rails 3.0
  23. EOFError: end of file reached issue with Net::HTTP
  24. Do CSRF attacks apply to API’s?
  25. Access Asset Path from Rails Controller
  26. LoadError: Could not load the ‘listen’ gem (Rails 5)
  27. Rails 4: Why are fonts not loading in production?
  28. Rails devise: user_signed_in? not working
  29. Ruby on Rails: Advanced search
  30. ImageMagick – “CORE_RL_magick_.dll not found” or how to install RMagick on windows with ruby 1.9.2

Leave a Comment