Deploying app ENV variables with Rbenv, Passenger and Capistrano (blog.intercityup.com)
10 points by bjansn 4417 days ago
2 comments

"Put the secret into your shared/.rbenv-vars file"... and then say goodbye to them! http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0... . I don't think keeping your secrets in a file accessible to the web server is a good idea because of LFI vulns like this.

Some other ideas that I've heard that may be better: store the secrets on a separate "offline" server that only the web server can talk to. Or have the file readable only by root, run a bootstrap script as root that would read the file, drop root privs, and then start the webserver.
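
The "readable only by root, bootstrap as root, drop privileges, then start the web server" idea from the comment above, as an added example that is not part of the thread or the linked post: a Ruby launcher that refuses a secrets file that is not root-only, then permanently drops to an unprivileged account before exec'ing the server. The function names, the simplified KEY=value parsing and the fallback PATH are assumptions of this example.

```ruby
require "etc"

# Parse KEY=value lines (the simple .rbenv-vars form); skip blanks and # comments.
def parse_secrets(text)
  env = {}
  text.each_line.with_index(1) do |raw, n|
    line = raw.strip
    next if line.empty? || line.start_with?("#")
    key, sep, value = line.partition("=")
    # Report only the line number so a bad line never leaks a secret into logs.
    raise ArgumentError, "malformed entry on line #{n}" if sep.empty? || key !~ /\A[A-Za-z_][A-Za-z0-9_]*\z/
    env[key] = value
  end
  env
end

# Reasons the secrets file is not "readable only by root"; empty list means OK.
def permission_problems(stat, owner_uid = 0)
  problems = []
  problems << "not a regular file" unless stat.file?
  problems << "owned by uid #{stat.uid}, expected #{owner_uid}" unless stat.uid == owner_uid
  problems << format("mode %04o allows group/other access", stat.mode & 0o7777) unless (stat.mode & 0o077).zero?
  problems
end

# Run as root: read the file, drop to run_as for good, then exec the server.
def launch(secrets_path, run_as, command)
  raise "must be started as root" unless Process.euid.zero?
  user = Etc.getpwnam(run_as)
  env = File.open(secrets_path, File::RDONLY | File::NOFOLLOW) do |f|
    problems = permission_problems(f.stat) # stat the opened handle, not the path
    raise "refusing #{secrets_path}: #{problems.join('; ')}" unless problems.empty?
    parse_secrets(f.read)
  end
  Process.initgroups(user.name, user.gid)  # supplementary groups, while still root
  Process::GID.change_privilege(user.gid)  # group before user
  Process::UID.change_privilege(user.uid)  # real, effective and saved uid
  raise "privilege drop failed" if Process.uid.zero? || Process.euid.zero?
  env = env.merge("HOME" => user.dir, "USER" => user.name,
                  "PATH" => ENV.fetch("PATH", "/usr/bin:/bin"))
  # unsetenv_others: the server sees only the variables built above.
  exec(env, *command, unsetenv_others: true)
end

# Usage (as root): ruby launch.rb SECRETS_FILE USER COMMAND [ARGS...]
launch(ARGV[0], ARGV[1], ARGV.drop(2)) if ARGV.size >= 3
```

This keeps the file itself out of reach of the web server's account; the values still sit in the server process's environment, so it does not protect them from a process that is itself compromised.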

Ok. What about your database password? I think that your application will always have files that it should read for configuration files or other passwords...

I'm going to go ahead and say that most people don't need rvm/rbenv/chruby etc in production.

Ask yourself if you really need multiple versions of ruby in production because if not you can save yourself the headache of setting it up.

We use it because we'd like to run multiple apps on one server. This way we can do that. With the added benefit of the .rbenv-vars to specify ENV.