[Dancer-users] "sensitive" config data in SCM

Mr. Puneet Kishor punk.kish at gmail.com
Fri Sep 9 01:07:51 CEST 2011


On Sep 8, 2011, at 1:02 PM, David Precious wrote:

> On Thursday 08 September 2011 17:42:18 Mr. Puneet Kishor wrote:
>> Not a Dancer question per se, but I am sure a few of you have encountered
>> this, and it is a "best practice" issue I am encountering for my Dancer
>> apps, so --
>> 
>> I have been hard at work learning Git, striving to put all my work in a Git repo
>> (including Github, where appropriate). Yesterday I realized that I would
>> be committing my database and other passwords to the repo as well
> 
> I would be inclined to simply put the database config into 
> environments/production.yml, and *not* commit that file.
> 
> So, non-sensitive app config goes in config.yml, but the sensitive stuff is 
> not included.
> 
> (You'll probably, at some point, want to have differing database config for 
> development and production anyway...)



Well, that is not a good option, because that way other users who clone the repo don't get everything to make the project work. They will need to perform a separate step to recreate production.yml.


> 
> 
> 
>> (I am using the most excellent Dancer::Plugin::Database). 
> 
> Thanks - always good to hear of happy users :)
> 
> 
>> A little bit of
>> searching brought me to the conclusion that I had to implement some kind
>> of "smudge" and "clean" filters using .gitattributes -- so when I commit
>> my work to the repo, the sensitive info would get replaced by **** (or
>> other placeholders), and when I would checkout the work, the placeholders
>> would get replaced by the real info.
> 
> Hmm, that sounds interesting!
> 
> If you do take that option, I'd be interested to see what you come up with!
> 


Well, I do want to implement it, but am struggling with it. I was thinking of a simple script like so

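  #!/usr/bin/env perl
  use strict;
  use warnings;
  
  # Real values that replace the [% key %] placeholders on checkout.
  my %vars = ( 
    driver   => 'Pg',
    database => 'dbname',
    host     => 'host',
    port     => 5432,
    username => 'dbusername',
    password => 'dbpassword'
  );
  
  # The placeholder form of the config, as it would be stored in the repo.
  my $template = qq{
  plugins:
    Database:
      driver: '[% driver %]'
      database: '[% database %]'
      host: '[% host %]'
      port: [% port %]
      username: '[% username %]'
      password: '[% password %]'
      #connection_check_threshold: 10
      dbi_params:
        RaiseError: 1
        AutoCommit: 1
      #on_connect_do: ["SET NAMES 'utf8'", "SET CHARACTER SET 'utf8'" ]
      #log_queries: 1
  };
  
  # Fill in each placeholder; a name missing from %vars becomes an empty string.
  $template =~ s/\[% (.*?) %\]/exists $vars{$1} ? $vars{$1} : ''/ge;
  
  # A filter has to write its result to STDOUT.
  print $template;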

and the reverse of that on the way in.
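
Added example, not part of the original post: one way the "reverse" direction could be written, so that a single Perl script serves as both the smudge and the clean filter. The script name, the "secrets" filter name, the APP_SECRETS variable and the key=value secrets file are assumptions made for illustration.

```perl
#!/usr/bin/env perl
# git-secrets-filter (hypothetical name), reads STDIN and writes STDOUT.
#   smudge (checkout): [% key %] placeholders -> real values
#   clean  (commit)  : real values            -> [% key %] placeholders
# Assumed wiring, run once per clone:
#   echo 'config.yml filter=secrets' >> .gitattributes
#   git config filter.secrets.smudge 'perl /path/to/git-secrets-filter smudge'
#   git config filter.secrets.clean  'perl /path/to/git-secrets-filter clean'
use strict;
use warnings;

# Assumption: secrets are kept outside the work tree as "key=value" lines.
my $SECRETS = $ENV{APP_SECRETS} // (($ENV{HOME} // '.') . '/.myapp-secrets');
my @KEYS    = qw(driver database host port username password);

sub load_secrets {
    my ($path) = @_;
    my %vars;
    open my $fh, '<', $path or return;    # no file: smudge changes nothing
    while (my $line = <$fh>) {
        chomp $line;
        next if $line =~ /^\s*(?:#|$)/;   # skip comments and blank lines
        my ($k, $v) = split /=/, $line, 2;
        $vars{$k} = $v if defined $v;
    }
    return %vars;
}

# Placeholder -> value. Unknown placeholders are left intact, not blanked.
sub smudge {
    my ($text, %vars) = @_;
    $text =~ s/\[% (\w+) %\]/exists $vars{$1} ? $vars{$1} : "[% $1 %]"/ge;
    return $text;
}

# Value -> placeholder, anchored on the YAML key rather than on the secret's
# value, so it needs no secrets file and also covers commented-out keys.
sub clean {
    my ($text, @keys) = @_;
    for my $k (@keys) {
        $text =~ s/^([ \t#]*\Q$k\E:[ \t]+)('?)[^'\n]*\2[ \t]*$/$1 . $2 . "[% $k %]" . $2/mge;
    }
    return $text;
}

my $mode = shift(@ARGV) // '';
die "usage: $0 smudge|clean < file\n" unless $mode =~ /^(?:smudge|clean)$/;
my $in  = do { local $/; <STDIN> } // '';
my $out = $mode eq 'smudge' ? smudge($in, load_secrets($SECRETS)) : clean($in, @KEYS);
print $out;
```

The filter settings live in .git/config and are not cloned, so a clone without them commits config.yml unfiltered; `git show :config.yml` prints what is actually staged.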

