Flexible credentials with Dancer::Plugin::Database
Hello all, I would like to use Dancer::Plugin::Database to access a postgresql database from my dancer application. The docu suggests to configure the connection like this: plugins: Database: driver: 'mysql' database: 'test' host: 'localhost' port: 3306 username: 'myusername' password: 'mypassword' connection_check_threshold: 10 dbi_params: RaiseError: 1 AutoCommit: 1 on_connect_do: ["SET NAMES 'utf8'", "SET CHARACTER SET 'utf8'" ] log_queries: 1 handle_class: 'My::Super::Sexy::Database::Handle' However, I would like to store the login details, namely username and password, in a different file that I can exclude from version control by gitignore for security reasons as well as to enable my co-developers to use different credentials on their system. Is there a good way to achieve this? Thanks for your help, Lutz
The good way is to use different environments (with different passwords) and use config.yml only for common params. 04.05.2014 1:50, Lutz Gehlen пишет:
[...] I would like to store the login details, namely username and password, in a different file that I can exclude from version control by gitignore for security reasons as well as to enable my co-developers to use different credentials on their system. Is there a good way to achieve this?
Thanks for your help, Lutz
-- Best Regards, Nick Knutov http://knutov.com ICQ: 272873706 Voice: +7-904-84-23-130
Hi Nick, thanks for your reply. On Saturday 03.05.2014 22:44:23 Nick Knutov wrote:
The good way is to use different environments (with different passwords) and use config.yml only for common params.
I had thought about environments, too. However, it looks like you can only load one environment file, or am I wrong? So I would have to duplicate the db settings in my current development.yml and production.yml and moreover would have to exlude those files from version control. I had hoped that there would be a way to modularize the config further in order to keep just the database settings or ideally just the login details in a separate file. In case this is not possible, am I approaching this issue in a completely wrong way? How does everyone else handle different database credentials on different machines? Thanks a lot, Lutz
04.05.2014 1:50, Lutz Gehlen пишет:
[...] I would like to store the login details, namely username and password, in a different file that I can exclude from version control by gitignore for security reasons as well as to enable my co-developers to use different credentials on their system. Is there a good way to achieve this?
Thanks for your help, Lutz
On 05/04/2014 09:19 AM, Lutz Gehlen wrote:
Hi Nick, thanks for your reply.
On Saturday 03.05.2014 22:44:23 Nick Knutov wrote:
The good way is to use different environments (with different passwords) and use config.yml only for common params.
I had thought about environments, too. However, it looks like you can only load one environment file, or am I wrong? So I would have to duplicate the db settings in my current development.yml and production.yml and moreover would have to exlude those files from version control.
I had hoped that there would be a way to modularize the config further in order to keep just the database settings or ideally just the login details in a separate file.
In case this is not possible, am I approaching this issue in a completely wrong way? How does everyone else handle different database credentials on different machines?
I using that approach above, database settings is going into environments/*.yml and these files are excluded from version control. Regards Racke -- Perl and Dancer Development Visit our Open Source conference on E-commerce: http://www.ecommerce-innovation.com/
Hello Racke and Nick, thanks for your replies. On Sunday 04.05.2014 11:55:39 Stefan Hornburg (Racke) wrote:
On 05/04/2014 09:19 AM, Lutz Gehlen wrote:
On Saturday 03.05.2014 22:44:23 Nick Knutov wrote:
The good way is to use different environments (with different passwords) and use config.yml only for common params.
I had thought about environments, too. However, it looks like you can only load one environment file, or am I wrong? So I would have to duplicate the db settings in my current development.yml and production.yml and moreover would have to exlude those files from version control.
I had hoped that there would be a way to modularize the config further in order to keep just the database settings or ideally just the login details in a separate file.
In case this is not possible, am I approaching this issue in a completely wrong way? How does everyone else handle different database credentials on different machines?
I using that approach above, database settings is going into environments/*.yml and these files are excluded from version control.
I think I will follow that approach as well then. Cheers, Lutz
Yes. Also, you can setup connection manually: my $newdb = db({ driver => 'mysql', database => 'test', host => $s->{name}, port => 3306, handle_class => '...', username => 'superuser', password => $s->{pass}, dbi_params => { RaiseError => 1, AutoCommit => 1, mysql_auto_reconnect => 1, mysql_enable_utf8 => 1, on_connect_do => ["SET NAMES 'utf8'", "SET CHARACTER SET 'utf8'" ], mysql_connect_timeout => 5 } }); and load config hash manually from different config. 04.05.2014 13:19, Lutz Gehlen пишет:
So I would have to duplicate the db settings in my current development.yml and production.yml and moreover would have to exlude those files from version control.
-- Best Regards, Nick Knutov http://knutov.com ICQ: 272873706 Voice: +7-904-84-23-130
On 05/03/2014 01:50 PM, Lutz Gehlen wrote:
Hello all, I would like to use Dancer::Plugin::Database to access a postgresql database from my dancer application. The docu suggests to configure the connection like this:
plugins: Database: driver: 'mysql' database: 'test' host: 'localhost' port: 3306 username: 'myusername' password: 'mypassword' connection_check_threshold: 10 dbi_params: RaiseError: 1 AutoCommit: 1 on_connect_do: ["SET NAMES 'utf8'", "SET CHARACTER SET 'utf8'" ] log_queries: 1 handle_class: 'My::Super::Sexy::Database::Handle'
However, I would like to store the login details, namely username and password, in a different file that I can exclude from version control by gitignore for security reasons as well as to enable my co-developers to use different credentials on their system. Is there a good way to achieve this?
In general, you should use .pgpass for storing Postgres connection credentials. See the Postgres docs <http://www.postgresql.org/docs/9.3/static/libpq-pgpass.html> for details. This allows you to save credentials in one place without having to hard-code them into every application or config file that needs to access the database. Additionally, you should be able to use* a connection service file <http://www.postgresql.org/docs/9.3/static/libpq-pgservice.html> to configure different connection parameters, e.g. point to the development vs. production database. This StackOverflow answer <http://stackoverflow.com/a/19980156/176646> provides a good example using DBI in a regular Perl script. * I've used .pgpass but never .pg_service.conf To configure Dancer::Plugin::Database to use the connections from .pg_service.conf, your configuration should look something like: plugins: Database: dsn: 'dbi:Pg:service=test' dbi_params: RaiseError: 1 AutoCommit: 1 on_connect_do: ... (assuming you have a service named "test" in .pg_service.conf, as in the StackOverflow answer I cited earlier. You would presumably put the above in environments/development.yml) I haven't tried this with Postgres before so YMMV, but I do something similar with MySQL to allow non-Dancer apps and Dancer apps to share the same credentials file: plugins: Database: dsn: 'dbi:mysql:;mysql_read_default_file=/path/to/database.cfg' dbi_params: RaiseError: 1 AutoCommit: 1 Hope this is useful to you.
Hello Maxwell, thank you for your suggestions. On Monday 05.05.2014 20:33:08 Maxwell Carey wrote: [...]
On 05/03/2014 01:50 PM, Lutz Gehlen wrote: In general, you should use .pgpass for storing Postgres connection credentials. See the Postgres docs <http://www.postgresql.org/docs/9.3/static/libpq-pgpass.html> for details. This allows you to save credentials in one place without having to hard-code them into every application or config file that needs to access the database.
I have used a pgpass file before, you are right, this might be the way to go here, too.
Additionally, you should be able to use* a connection service file <http://www.postgresql.org/docs/9.3/static/libpq-pgservice.html> to configure different connection parameters, e.g. point to the development vs. production database. This StackOverflow answer <http://stackoverflow.com/a/19980156/176646> provides a good example using DBI in a regular Perl script.
* I've used .pgpass but never .pg_service.conf
To configure Dancer::Plugin::Database to use the connections from .pg_service.conf, your configuration should look something like:
plugins: Database: dsn: 'dbi:Pg:service=test' dbi_params: RaiseError: 1 AutoCommit: 1 on_connect_do: ...
(assuming you have a service named "test" in .pg_service.conf, as in the StackOverflow answer I cited earlier. You would presumably put the above in environments/development.yml)
I haven't tried this with Postgres before so YMMV, but I do something similar with MySQL to allow non-Dancer apps and Dancer apps to share the same credentials file:
plugins: Database: dsn: 'dbi:mysql:;mysql_read_default_file=/path/to/database.cfg' dbi_params: RaiseError: 1 AutoCommit: 1
Hope this is useful to you.
I didn't know about pg_service, I will certainly look into that. Thanks a lot, Lutz
participants (4)
-
Lutz Gehlen -
Maxwell Carey -
Nick Knutov -
Stefan Hornburg (Racke)