The file is kept with the deploy scripts and tasks reference the variables kept in the secrets file. For example we have a task that generates the database.yml based on an erb template and copies it out to the deploy location. The only place that username password exist on the remote server is in the generated database.yml. The only place that username and password exist in the deploy scripts is the secrets file which is gitignored and only a sample checked in.
On May 21, 2009, at 8:34 AM, "S. Robert James" <[email protected]> wrote: > > On May 21, 10:38 am, Donovan Bray <[email protected]> wrote: >> We use a file that's ignored by the scm and we check a template with >> bogus passwords into our deploy scripts. This let's developers use >> the >> deploy scripts to setup their own environments without divulging >> production env secrets. Ops maintains the official secrets file and >> it's kept in a central location that only ops has access to. > > How does the app get access to it? Is it NFS mountable in a known > location, or do ops manually copy it locally? > > --~--~---------~--~----~------------~-------~--~----~ To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/capistrano -~----------~----~----~----~------~----~------~--~---
