I'm confused about how to properly use figaro with Rails 4.2. So in application.yml (which is checked into .gitignore), I have this:
secret_key_base: 123456
And then in secrets.yml, I have this:
development:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
The gem should be handling the ENV part of setting the credentials, according to everything I've read. Why is this not working?
EDIT 1:
In application.yml I have: mandrill_user_name: email#example.com and mandrill_password: 1234567890
And in development.rb I have:
config.action_mailer.default_url_options = { :host => "localhost:3000" }
config.action_mailer.smtp_settings = {
address: "smtp.mandrillapp.com",
port: 587,
domain: "localhost:3000",
authentication: "plain",
enable_starttls_auto: true,
user_name: ENV["mandrill_user_name"],
password: ENV["mandrill_password"]
}
Shouldn't application.yml be taking care of this?
If is redundant to have the variable in the secrets.yml file and the application.yml file.
I.e. use the application.yml file ONLY to declare ENV Vars.
So long as it is in the apllication.yml file you can call it throughout your rails app just like you are doing:
ENV["SECRET_KEY_BASE"]
Varialbles stored in the secrets.yml file are called via
Rails.application.secrets.SECRET_KEY_BASE
Related
I follow the instruction in vs code after i run rails g devise:install
I added config.action_mailer.default_url_options = { host: 'localhost', port: 3000 } in development.rb
I also uncomment the confirmable in migration file .
I also added confirmable in user.rb
In environment.rb this is what i have
# Load the Rails application.
require_relative "application"
# Initialize the Rails application.
Rails.application.initialize!
ActionMailer::Base.delivery_method = :smtp
ActionMailer::Base.perform_deliveries = true
ActionMailer::Base.smtp_settings = {
address: 'smtp.gmail.com',
port: 465,
domain: 'gmail.com',
user_name: ENV['test#gmail.com'],
password: ENV['123456'],
authentication: 'plain',
:ssl =>true,
:tsl => true,
enable_starttls_auto: true
}
Im not sure on how to put the correct username and password .
Im not getting any error message when i go to signup but when i go to the email that i use to sign up , im not getting any email .
I also enable less secure app in google settings for both email .
Please help
Thank you
The modern Rails approach (5.1+) is to use encrypted secrets. When you run rails credentials:edit Rails will open a basic credentials file in your editor of choice. You can then just add your Gmail password and email to the file:
gmail:
password: your_password_goes_here
user_name: your-email-address#gmail.com
Rails will then create the config/credentials.yml.enc file that can be checked into version control. The file is encrypted with your master.key file which should not be checked into version control.
You can then access the encrypted secrets with Rails.application.credentials:
ActionMailer::Base.smtp_settings = {
address: 'smtp.gmail.com',
port: 465,
domain: 'gmail.com',
user_name: Rails.application.credentials.gmail.fetch(:user_name),
password: Rails.application.credentials.gmail.fetch(:password),
authentication: 'plain',
ssl: true,
tsl: true,
enable_starttls_auto: true
}
Firstly you need to install a gem such as dotenv-rails.
This will allow you to use environment variables.
To do so create a .env file in the root of your project.
Inside of that file you can add environment variables such as:
EMAIL_USERNAME=someusername
EMAIL_PASSWORD=somepassword
And then in your environment.rb you can use it like this:
user_name: ENV['EMAIL_USERNAME'],
password: ENV['EMAIL_PASSWORD']
I'm using Rails Mailer to send confirmation mails on my app, and I've set up my config>environment>development.rb like below:
config.action_mailer.smtp_settings = {
address: "smtp.gmail.com",
port: 587,
domain: 'smtp.gmail.com',
# user_name: ENV["MAIL_USERNAME"],
# password: ENV["MAIL_PASSWORD"],
user_name: "myemail#mydomain.com",
password: "myCorrectPassword",
authentication: :login,
enable_starttls_auto: true
}
Problem
When I hardcode the user_name and the password for "myemail#mydomain.com" and "myCorrectPassword", the mailer sends an email and it works fine. But when I use the ENV to make sure that my credentials are safe, I get the Net::SMTPAuthenticationError: 530-5.7.0 Authentication Required error.
On Terminal, I checked my ENV to make sure that I've entered correct values for each variable, and they were right.
What else can I try?
What do you get when you run this in rails console ENV["MAIL_USERNAME"] ??
Does your ~/.bash_profile has this
export MAIL_USERNAME="myemail#mydomain.com"
Try to source ~/.bash_profile once
Is there anyway to use action mailer without turning the unsecure device gmail attribute on? I don't want to expose my email account to the world by turning the unsecure option on for my ruby on rails app.
Is there a way to enter the username and password for such an email system without assigning the username and passwords directly to the application environment of development/production modes?
How is this all done and do I need any additonial information?
Bare in mind I am using Ruby on Rails 3.2 version and not 4.0
You can use this as:
config.action_mailer.delivery_method = :smtp
config.action_mailer.smtp_settings = {
:authentication => :plain,
:address => "smtp.gamil.com",
:port => 587,
:domain => Rails.application.secrets.domain,
:user_name =>Rails.application.secrets.username,
:password => Rails.application.secrets.password
}
Write in secret.yml:
development:
domain: <%= ENV Domain_you_want %>,
user_name: <%= ENV user_name_you_want %>,
password: <%= ENV password %>
The standard way of protecting your sensitive information when configuring Rails is to use the shell environment variables. In the given environment config file, use the ENV hash to access the shell environment variables:
# e.g. config/environment/production.rb
config.action_mailer.smtp_settings = {
address: "smtp.gmail.com",
port: 587,
domain: "example.com",
authentication: "plain",
enable_starttls_auto: true,
user_name: ENV["GMAIL_USERNAME"],
password: ENV["GMAIL_PASSWORD"]
}
Then you have to define the env. variables somewhere. This can be done in the ~/.bashrc file of the user under which you run Rails (the file will be different if you use other shell than bash):
# ~/.bashrc
export GMAIL_USERNAME="myname#gmail.com"
# etc...
Then relogin to the console and try start up Rails and it should get the correct info from the shell variables. Take a look at this guide for more info. See also the Rails guides for all mail configuration options.
I have a Rails application and I put all my important configurations, e.g. sendgrid, new relic, twilio, airbrake, etc, in a config/config.yml file. The file looks as follows:
development:
sendgrid:
username: username
password: password
test:
sendgrid:
username: username
password: password
production:
sendgrid:
username: username
password: password
Then in config/initializers/global_configuration.rb, I load the correct environment configuration:
APP_CONFIG = YAML.load_file("#{Rails.root}/config/config.yml")[Rails.env]
Now I want to be able to access this global constant in config/environments/development or config/environments/production, as so:
config.action_mailer.smtp_settings = {
address: 'smtp.sendgrid.net',
port: 587,
domain: APP_CONFIG['sendgrid']['domain'],
authentication: "plain",
enable_starttls_auto: true,
user_name: APP_CONFIG['sendgrid']['username'],
password: APP_CONFIG['sendgrid']['password']
}
Unfortunately, when Rails starts up, it throws the following error:
Uncaught exception: uninitialized constant APP_CONFIG
It appears that config/environments is loaded before config/initializers. How can I get around this so I can access my global constant in config/environments?
It appears config/application.rb is loaded before the config/environments/*.rb files, so I was able to hook into the before_configuration block and then create a global variable within it:
config.before_configuration do
::APP_CONFIG = YAML.load_file("#{Rails.root}/config/config.yml")[Rails.env]
end
If there is a better option (rather than using ENV), I will gladly delete this answer and upvote the better one.
Do this in all the environment file inside config/environment/
config.after_initialize do
config.action_mailer.smtp_settings = {
address: 'smtp.sendgrid.net',
port: 587,
domain: APP_CONFIG['sendgrid']['domain'],
authentication: "plain",
enable_starttls_auto: true,
user_name: APP_CONFIG['sendgrid']['username'],
password: APP_CONFIG['sendgrid']['password']
}
end
I've configured email on redmine according to the instructions in the redmine wiki, and it all works fine. Here are the contents of my config/configuration.yml file:
production:
delivery_method: :smtp
smtp_settings:
address: "smtp.sendgrid.net"
port: 587
authentication: :plain
domain: "heroku.com"
user_name: my_email#gmail.com
password: my_password
However I am trying to use environment variables in place of my_email#gmail.com and my_password like so:
production:
delivery_method: :smtp
smtp_settings:
address: "smtp.sendgrid.net"
port: 587
authentication: :plain
domain: "heroku.com"
user_name: <%= ENV['SENDGRID_USERNAME'] %>
password: <%= ENV['SENDGRID_PASSWORD'] %>
When I try to send a test email, with the environment variables in the config file, redmine give this error:
'An error occurred while sending mail (535 Authentication failed: Bad username / password )'.
So I guess the erb snippet is not being evaluated (I have double checked the values of the environment variables).
I've searched for a solution and come up empty, does anyone have any suggestions as to how I should configure email in redmine so that I don't expose my sendgrid credentials in the config file?
Alternatively if someone can tell me that it's not a security risk to use the credentials directly, without environment variables, that would also solve my problem.
I had answered this question 2 weeks ago, and it was deleted by someone else right away.
So I'm not sure if someone will delete this answer again to prevent other guys knowing how to solve this problem. Good luck!
I got the same issue and this article
Set up mailing in redmine on heroku solved my problem.
The idea is moving the settings from config/configuration.yml to config/environments/production.rb and using Ruby code to set it up. Since ENV['key'] is handled by erb, I guess configuration.yml is not handled that way. Maybe there is some security issue?
So in your case, you should add these codes to config/environments/production.rb as follows,
ActionMailer::Base.smtp_settings = {
:address => 'smtp.sendgrid.net',
:port => '587',
:authentication => :plain,
:user_name => ENV['SENDGRID_USERNAME'],
:password => ENV['SENDGRID_PASSWORD'],
:domain => 'heroku.com'
}
ActionMailer::Base.delivery_method = :smtp
And remove codes from config/configuration.yml and make it looks like this,
default:
# Outgoing emails configuration (see examples above)
email_delivery:
delivery_method: :smtp