
Ruby

To ignore or not to ignore secrets.yml?

I've seen postings on both sides saying that secrets.yml should and shouldn't be included in .gitignore. I've been trying to find as authoritative an answer as I can, but keep coming up with mixed reports.

2 Answers

I figured out a system that should work for myself. I'm just going to mimic the production setup and set everything in environment variables on my local machine and then load the secrets.yml file (which will only include the references to environment variables) to source control. This way, if I end up needing other secrets, I can just add them to my list of environment variables for both my local setup and production.
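
A secrets.yml that holds only references to environment variables, as described in the answer above, is safe to commit only while that stays true, so it helps to check the file for literal values before committing. The following is an added example, not code from the thread; the method names, the constant names and the sample file contents are constructed, and it assumes secrets are referenced as `<%= ENV["NAME"] %>` or `<%= ENV.fetch("NAME") %>`.

```ruby
require "yaml"

# A value counts as a reference only if it is exactly one ERB lookup of an
# environment variable: <%= ENV["NAME"] %> or <%= ENV.fetch("NAME") %>.
ENV_REFERENCE = /\A<%=\s*ENV(?:\[\s*["'][A-Z0-9_]+["']\s*\]|\.fetch\(\s*["'][A-Z0-9_]+["']\s*\))\s*%>\z/

# Constructed sample: development still carries a hard-coded value.
SAMPLE_SECRETS = <<~'YAML'
  development:
    secret_key_base: constructed-literal-not-a-real-key
  test:
    secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
  production:
    secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
    api_token: "<%= ENV.fetch('API_TOKEN') %>"
YAML

# Collects the path of every leaf value that is not an ENV reference.
def collect_literals(node, path, findings)
  case node
  when Hash  then node.each { |key, value| collect_literals(value, "#{path}.#{key}", findings) }
  when Array then node.each_with_index { |value, i| collect_literals(value, "#{path}[#{i}]", findings) }
  when nil   then nil # empty key, nothing to leak
  else findings << path unless node.to_s.strip.match?(ENV_REFERENCE)
  end
end

# Parses the file as plain YAML (ERB is deliberately NOT evaluated, so the
# tags stay visible as strings) and returns the offending "env.key" paths.
def literal_secrets(yaml_text, environments: nil)
  config = YAML.safe_load(yaml_text, aliases: true) || {}
  findings = []
  config.each do |env_name, settings|
    next if environments && !environments.include?(env_name)
    collect_literals(settings, env_name, findings)
  end
  findings.sort
end

if __FILE__ == $PROGRAM_NAME
  offenders = literal_secrets(SAMPLE_SECRETS)
  puts offenders.empty? ? "only ENV references found" : "literal values at: #{offenders.join(', ')}"
end
```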

Tom Sager
18,987 Points

There is no definitive answer. Having git do automatic version control could be quite useful. However, doing a git push will copy it to whatever remote repository you are using. If that repository is readable by everyone, that might be very very bad.

It seems to me that most secrets files are not large and do not change often. So manually tracking changes is not a huge job. I usually put the secrets in my password manager rather than using git. Best practice on a large enterprise development team is probably quite different.

I hope this helps!

I planned on using environment variables for the production level secrets, however, I'm not sure if leaving the predefined test and development secrets is what I want to be doing or not. I've run into issues where it's looking like I'll have to include this file so that I can get stuff running on Heroku.