Hiding my sensitive information (e.g. password) from github

Question

I just set up Devise (rails authentication plugin) to send a confirmation email upon sign up. This involved my putting the following into my environment.rb file:

<         


        

Answer 1

Create a config file containing the mail settings and load them from a file. Check in the config file with all the settings erased. Have your application check to see if the file is filled in, and if it is not, display an error and exit gracefully (or disable mailing, just make sure that the user knows what is going on).

This has the added advantage that users can easily change mail settings without having to edit code. Telling a user to edit the code to set a configuration is, in general, a bad idea. Also, you can keep the configuration in a separate location from the code so it is easier to get to.