This article will show you how to keep your sensitive information secure by storing it in environment variables.

Look at the code below.


config.action_mailer.smtp_settings = {
  address: "smtp.gmail.com",
  port: 587,
  domain: "example.com",
  authentication: "plain",
  enable_starttls_auto: true,
  user_name: ENV["GMAIL_USERNAME"],
  password: ENV["GMAIL_PASSWORD"]
}

Notice the ENV["GMAIL_USERNAME"] and ENV["GMAIL_PASSWORD"] portions of the code. You may have seen this before. ENV tells Rails to look for an environment variable with that particular name (GMAIL_USERNAME and GMAIL_PASSWORD) on the local server the app is running on. How exactly do these get set? One way to do that would be to set them at the terminal using the export command.


export GMAIL_USERNAME="[email protected]"
export GMAIL_PASSWORD="monkey123"

There are a couple of problems with this approach. First, you will need system access in order to change these values. Second, depending on the environment, these values may or may not get set prior to the app starting up. Despite these disadvantages, using environment variables is an important part of keeping your data secure. For example, storing your sensitive info in environment variables prevents you from accidentally committing it to your git repository and sharing it with all of the other users that have access to this repository. There is another way to do things, however.

Storing Environment Variables in a YAML File

Ruby has the ability to modify the environment. This makes it possible to load the environment variables from a YAML file at startup. In order to do this we need to create an initializer. Create an initializer called environment_variables.rb and add in the code listed below.

config/initializers/environment_variables.rb:

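module EnvironmentVariablesExample
  class Application < Rails::Application
    # Runs before the rest of the configuration is evaluated.
    config.before_configuration do
      env_file = Rails.root.join("config", "environment_variables.yml").to_s

      # File.exist? replaces File.exists?, which was removed in Ruby 3.2.
      if File.exist?(env_file)
        # Load only the section for the current Rails environment.
        (YAML.load_file(env_file)[Rails.env] || {}).each do |key, value|
          ENV[key.to_s] = value.to_s # ENV only accepts string values
        end # end YAML.load_file
      end # end if File.exist?
    end # end config.before_configuration
  end # end class
end # end module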

The code listed above will look to see if an environment_variables.yml file exists. If it exists the file will be loaded and the environment variables will be set.

Next we need to create the YAML file that will store our settings. Create a file called environment_variables.yml in your config folder and add in the code listed below.

config/environment_variables.yml:

development:
  GMAIL_USERNAME: [email protected]
  GMAIL_PASSWORD: monkey123
production:
  GMAIL_USERNAME: [email protected]
  GMAIL_PASSWORD: myproductionpassword123

Notice that we are dividing things up by environment. This lets us specify different settings for development and production.

The next thing we need to do is add this file to our .gitignore file to keep it from being committed to our git repo. Open the .gitignore file and add the following line to the very end. Please note that the example project that you can download at the top of the article skips this step.

.gitignore:

config/environment_variables.yml

Now, if we start a Rails console with rails c, we can see that the settings have taken effect and can be used in the application. See the example below.


Loading development environment (Rails 4.0.1)
irb(main):001:0> ENV['GMAIL_USERNAME']
=> "[email protected]"
irb(main):002:0>

Now your application will load the environment variables from this file every time it starts up. That's it! Thanks for reading!
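
A stricter version of the loader above, as an added example rather than code from the article: it refuses a secrets file that group or other users can access, parses with YAML.safe_load, leaves variables already exported in the shell untouched, and converts values to strings. The names load_env_file and InsecureEnvFile and the target: parameter are hypothetical, and the permission check assumes a POSIX file system.

```ruby
require "yaml"

# Added example (not the article's code). Loads one environment's section of a
# YAML secrets file into a Hash-like target (ENV by default) and returns the
# names it set. InsecureEnvFile and load_env_file are hypothetical names.
class InsecureEnvFile < StandardError; end

def load_env_file(path, env_name, target: ENV)
  return [] unless File.exist?(path)

  # The secrets file must not be accessible to group or other (POSIX modes).
  mode = File.stat(path).mode & 0o777
  unless (mode & 0o077).zero?
    raise InsecureEnvFile, format("%s has mode %04o; run chmod 600", path, mode)
  end

  # safe_load builds only plain scalars, arrays and hashes, never Ruby objects.
  data = YAML.safe_load(File.read(path)) || {}
  section = data[env_name.to_s]
  return [] unless section.is_a?(Hash) # no section for this environment

  section.each_with_object([]) do |(key, value), set|
    name = key.to_s
    next if target.key?(name) # a variable exported in the shell wins
    unless value.is_a?(String) || value.is_a?(Numeric)
      raise ArgumentError, "#{name}: expected string or number, got #{value.class}"
    end
    target[name] = value.to_s # ENV accepts only strings
    set << name
  end
end

if $PROGRAM_NAME == __FILE__
  require "tempfile"
  # Constructed sample file; the values are placeholders.
  Tempfile.create(["environment_variables", ".yml"]) do |f|
    f.write("development:\n  GMAIL_USERNAME: dev-user\n  SMTP_PORT: 587\n")
    f.flush
    File.chmod(0o600, f.path)
    fake_env = { "GMAIL_USERNAME" => "from-shell" } # stands in for ENV
    p load_env_file(f.path, "development", target: fake_env)
    p fake_env
  end
end
```

Inside the initializer this would be called as load_env_file(env_file, Rails.env), which writes into ENV.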