What should be removed from public source control in Ruby on Rails?

Question

I\'ve been searching the web, and I can\'t find any good/recent examples of what to exclude from a new public rails app. I\'m looking to open source my app on GitHub and am

Answer 1

You'll get different opinions. IMHO, it's best-practice to include these files, but omit the secret content from them. Document what you're doing so developers who are new to your project know what they need to fill in.

Phusion has a good blog post about how to handle the Rails session secret, and the tradeoffs you can make to include or exclude information:

http://blog.phusion.nl/2013/01/04/securing-the-rails-session-secret/#.URYPXekTMak

My favorite way to document these is using a "rake setup" task. You can have the task print what the developer needs to do-- in other words, you don't need to automate it all (though that's nice if you're able to do it).

If you want to get fancy, have your files read the secret settings from a shared/ directory, which also enables deployment symlinking. This is described in the Phusion blog too. This is how I build apps that need to be deployed frequently.