developing several projects locally: How to configure environment variables - environment-variables

let's say I am developing 2 applications for 2 different clients which are, using 2 different database-configurations.
When using Openshift and CakePHP it is considered good practise to not store the real connection-info in the configs, but instead to use environment-variables.
That way the GIT-Repo is also always clean of server-specific stuff.
That is all fine as long as I have ONE project but as soon as there is another one, I need to override my local env-vars according to the current project.
Is there any way to avoid this? Is it possible to set up env-vars on my local machine per directory or something like that?
I am running OSX with Mamp Pro.

This may not be the best solution, but It would work. Create a different user on your local machine and then change to that other user when you need to access those other environment variables.

I create a 'data' directory in my git repo and set it to ignore. This way anything in there will be saved in the repo and sent to openshift. I place a config.ini file with all the info that I don't want in my repo.
I then manually put that config.ini file in Openshift's persistent DATA directory by using winSCP. You only have to do this when you change your config.ini.
When my app runs it detects if it's local or on Openshift and loads the config.ini file from the correct directory.
I would be interested if somebody has a better idea.
HTH

Related

Make use of .env variables in DDEV's config.yaml?

I'd like to be able to define the variable values in DDEV's version-controlled ./ddev/config.yaml file, using the non-version-controlled .env file. For example (pseudo-code):
name: env($PROJECT_NAME)
# etc...
I can't rely on remembering to swap out config.yaml files or any other manual steps.
The reason for the season is that I need to have multiple DDEV instances of the same site. Each instance would be committing to the same repo, but may (or may NOT) have different branches. In other words, they need to be capable of being merged with each other, without DDEV getting mixed up. Since I have .ddev/config.yaml committed to the repo, I need some other way of having separate DDEV instances.
You probably want to use config.*.yaml for this. By default, config.*.yaml are gitignored. For example, config.local.yaml might have local overrides. See the docs for more info.
I haven't experimented with using the .env file in this context, but I know that config.local.yaml will work fine for this use.

How can I store an encryption key outside version control in Ruby

I need to use encryption on private/personal user data. I am going to use the following encryption library.
RbNaCL
I need a way to store the KEY outside of version control so I can run the app locally. When pushing the code to our hosting company I can put the KEY in the server env variables. Just not sure how and the best way to do it locally.
I should note that all developers working on the project use the same database so we all need the same KEY for development and staging environment.
https://www.happybearsoftware.com/how-to-actually-do-a-cryptography-in-ruby
I think what you are asking is how to keep a .env out of version control while in the repository, people collaborating should know about the what are the enviroment variables. Normally .env-sample (which is a dumy in which all variables are kept without values) is tracked and while .env is ignored (by adding it in .gitignore in case of git)
Typically, secrets never get committed to repositories. Just put them in a config file (like config.yaml or secrets.xml or env.sh or similar); copy the file (to something like config.yaml.example or secrets-skel.xml or env.sh.sample); put the first one into .gitignore (or equivalent, if you're a non-Git heretic), and replace all the secrets in the second one with placeholders. Commit the second one so that everyone who checks out the project will know the format that they should have; but the secret one never touches the repository. If you need to share keys between developers, do it in another way (from IRC/Slack/Email to encrypted USB storage device, depending on how confidential the stuff is).
If you go with YAML-ish kind of solution, in code you can try to find the file, if it is absent then use environment, or vice versa - look up environment, if no variable is there look for the config file to read from (and possibly even stuff it into ENV so you don't need another config object; you might do it in config/application.rb kind of thing. If you go with env.sh kind of approach, you can declare environment variables directly; when you need to start developing, you can source env.sh (or shorter . env.sh) to set them up.
I should note that all developers working on the project use the same database so we all need the same KEY for development and staging environment.
Store the key, and any other shared secrets, in a secure shared vault. Many password managers provide shared vaults, such as 1Password or LastPass.
Then each developer can copy the key from the shared vault and set it in their development environment.

What is the best practice in developing iOS apps with source control and multiple environment configuration

Let's say I want to store URL and token for accessing API to configuration file. I have 3 environment, those are development, staging and production. They have different configuration value for each environment. I am using source control too. For sure, I don't want to share production environment configuration file to source control. So is there a best practice to manage this problem ?
Best thing you can do is Ignore that file in svn when committing. It will never be committed to repository.
How do I ignore files in Subversion?

Configuration of dockerized applications

How do you deal with host-specific configuration for docker containers?
Most importantly production passwords. They can't be put to container for security reasons. Also, they need to be changed on regular basis w/o redeploying anything.
I mostly use Volume containers if I really want to avoid making an image for that: http://docs.docker.com/userguide/dockervolumes/
however, I have done things like
FROM myapp
ADD password.file /etc
RUN do some cfg
to make specific images with password baked in.
That way the specific configuration list passwords is not in the general images which are re-used and known, but they are in an image that is build for and on the host that is running it. (this approach is not really very different to using puppet/chef etc to customise the files on a vm/server - it eventually needs to hit the filesystem in a safe, but repeatable way)
As one comment says, use environment variables you can pass via -e pass=abcdef. You can also save them in a fig.yml config file to avoid having to type them every time.

Rails App in Dropbox

I would like to backup my rails app usig a private git repo. I've decided to use Dropbox but I've already deployed to heroku, setup DNS for a custom domain name without backing up and would hate for something to go wrong by transferring my project.
Does anyone have experience with this or knows if something will go wrong? Should I reconfigure any files before transferring to a private dropbox folder?
Heroku's addons (i.e. custom domain) configurations are located on their server, not on your computer. Typically configs appear in ENV variables. Type heroku config to see what you have.
So yes, you are free to copy your code anywhere you like, and be sure to copy your dotfiles as well.
Personally, I use github for my code backups.
bitbucket now has private git repos. Unfuddle had them for a while too. These are all free, BTW.
In short - don't reconfigure or setup anything - have fun of some coding instead :)
If you just want your repo to stay safely in the "cloud" then:
Bundle (for git or mercurial)
Gmail the bundle to yourself as a reply to the same "pull" message". Or, in case you have a fellow coder, then gmail to him/her. Double-backup.
Done and forgotten. There is plenty of room in you gmail inbox and sent-items for the source-code of several projects.
IMHO it is:
fast
platform-neutral
shareable via smart-phone within 5 minutes maximum
pull/push/work anywhere
secure
easy
a natural habit

Resources