I created a standalone recipe months ago. You can grab it from gist, save the file in your lib folder and load it from deploy.rb. http://gist.github.com/2769
It provides a couple of additional options. -- Simone On Thu, May 21, 2009 at 4:42 AM, Glenn Rempe <[email protected]> wrote: > > You might take a look at the Thoughtbot Suspenders template Rails > app. It contains a deploy.rb that prompts you for a db password when > you run cap deploy:setup and stores that password in a shared file on > the remote DB server. > > http://bit.ly/QcrOl > > The database.yml file is then setup to pull the password from this > shared file: > > http://bit.ly/svm27 > > The primary benefit here being that you don't store the password in > your SCM. > > Glenn > > On May 20, 6:27 pm, "S. Robert James" <[email protected]> wrote: > > We have our cap deploy setup to take a new app server from zero to > > working, all automatically. > > > > One issue we're getting stuck with is: Where to store the database > > password? > > > > I'll show you what we thought of, and why we don't like it. I'm sure > > some of the pros here have already grappled with this, so I'd like to > > here what you say. > > > > 1. Store in cap deploy files. > > PROBLEM: We don't want every developer who ever had access to cap > > deploy source to know the passwords. > > > > 2. Store in file on each server. > > PROBLEM: This would require manual setup of a new server. > > PROBLEM: Even if we accept to do it manually, in the course of doing > > so, it's quite likely that the password will get emailed around. > > "Anyone remember the pw to setup a new server? The box is down and I > > need to do a replacement quick." > > > > 3. Use a nonpassword system > > Windows supports authentication via user account on a known machine. > > I'm not sure how it works, or how secure it is. Haven't found any > > simple, secure way to do this via Linux. The ideal would be to tell > > the database server "If user rails_app on any of the local machines > > wants to connect, they don't need a password." But I'm not sure if > > there is a simple and secure way to do this. > > > > 4. Use some type of encryption > > I'm not sure how to use this to solve problems. The key needs to go > > somewhere, and so we're back to square one, on where to store the key. > > > > What do you do? Is there a best practice? What do the large > > enterprise / J2EE shops do? > > > > -- Simone Carletti Site & Blog: http://www.simonecarletti.com Email: [email protected] LinkedIn: http://linkedin.com/in/weppos Nick: weppos | Skype: weppos --~--~---------~--~----~------------~-------~--~----~ To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/capistrano -~----------~----~----~----~------~----~------~--~---
