When I was searching for action mailer setups, everyone talked about environmental variables, but I never saw them showing people how they are set up. They usually mentioned something along the lines of “If you can figure out environmental variables, you are a step ahead of the game”.
Personally, I think they should have been mentioned because these environmental variables are important in keeping your secrets safe from the public, especially when it comes to the username and password for the email you will be using for the mailer.
To set up the environmental variable
In the initializers folder, create a ruby file named something that you will be able to identify as the place for your variables. In my case, I used app_env_vars.rb or application environmental variables for short. In that folder, created the variables to look like this:
These will replace the actual username and password of your account.
Now, if you were to create these variables and push these to a public repository, you would be exposing your secrets to everyone who checks out your code. Git Hub will surely send you and email and scold you in GitHub fashion to inform you that you have been exposing your secrets for (x) amount of minutes and the time will continue to increase until you make these changes. When in doubt, you can always utilize Git Guardian to your advantage. It will inform you of all exposed secrets.
To make sure this does not happen, go into the .gitignore file and paste the relative location of the environment file you have created. This means no one will be able to see your information. The only thing they will see are the names of the variables you created. Mine looks like this:
The environmental variables do not have to apply only to the creation of action mailer as I have shown. For example, if you were to use the devise gem it contains a key within the comments that should become an environmental variable instead. Bottom line, if you are working on something that involves using a key or password or any kind of information that could create a security risk, create that environmental variable.
Top comments (0)