Protecting Passwords in a Rails Application's Environments

SO I found this sweet code to use Gmail in as the SMTP server for a Rails application:

config.action_mailer.delivery_method = :smtp
config.action_mailer.smtp_settings = {
 :a开发者_Python百科ddress => "smtp.gmail.com",
 :port => 587,
 :domain => "google.com",
 :authentication => :login,
 :user_name => "<email address>",
 :password => "<password>",
 :enable_starttls_auto => true
}

This is awesome, but it requires me to authenticate, so my username and password will appear in the settings hash.

How can I protect my username and password from the source code and the CVS (i.e., from other developers whom I may grant access). I was thinking along the lines of somehow reading those values out of a text file on my development machine's home directory, but I couldn't quite work out how to do it.

Can anyone help with a way to protect these values from having to be committed to my CVS.

So I figured it out (apparently I had over-throught the problem):

 :user_name => IO.readlines('/some/path/secret_auth.txt')[0],
 :password => IO.readlines('/some/path/secret_auth.txt')[1]

This reads the first and second lines from the path specified and uses them in the rails app. and since the file is outside the scope of the CVS it is unknown to other developers.

And to @zabba - you are correct, you can (provided you can get access to the instance of the rails configuration).

I've answered pretty much this exact same question before right here. Long story short, set your credentials up as environment variables like so:

config.action_mailer.smtp_settings = {
 :address => "smtp.gmail.com",
 :port => 587,
 :domain => "google.com",
 :authentication => :login,
 :user_name => ENV['EMAIL_USERNAME'],
 :password => ENV['EMAIL_PASSWORD'],
 :enable_starttls_auto => true
}