skwpspace


301 Blog Moved

Posted in thoughts by skwp on the September 6, 2006

My blog has moved to my own domain: http://skwpspace.com

Wanted more flexibility than wordpress.com could give me…

Thanks for reading; please join me on the other domain!

Encrypted db passwords for Rails with database.yml and erb

Posted in RubyOnRails, software by skwp on the August 28, 2006

Some people are upset that database.yml can expose passwords in plaintext. However, there is a pretty simple way to get encryption into database.yml. Because the database.yml file is actually run through an ERB interpreter by Rails, we can put code into our file:


##### database.yml #####
production:
  adapter: oci
  username: spnr_stat_dev
  password: <%= PROD_DB_PASSWORD.decrypt(PROD_KEYFILE) %>
  host: marine/gds2dev

####### local.rb #######
class String
  def decrypt(keyfile)
    # do some magic to apply the keyfile to the password
  end
end

That’s all there is to it! Simply plug in any key-based encryption routine in there. In my case we were using a triple DES two-way encryption that was actually done by an external Java program. I simply invoked the Java interpreter using backticks and got the output, which was my decrypted password.
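
One way to fill in the decrypt step without an external program, as an added example that is not code from the original post: it uses AES-256-GCM from Ruby's OpenSSL bindings in place of the triple DES routine mentioned above, and renders a database.yml template through ERB and then YAML. The `DbSecret` module, `load_db_config`, `demo`, the token layout (IV, tag, ciphertext) and the sample key and password are all assumptions made for illustration.

```ruby
require "openssl"
require "erb"
require "yaml"
require "tempfile"

# Hypothetical helper, not from the post. AES-256-GCM via Ruby's OpenSSL
# stands in for the author's external triple-DES Java program.
module DbSecret
  def self.cipher(mode, keyfile) # key file must hold exactly 32 bytes
    OpenSSL::Cipher.new("aes-256-gcm").public_send(mode).tap { |c| c.key = File.binread(keyfile) }
  end

  # Run once, offline; the Base64 token is what gets stored in configuration.
  def self.encrypt(plaintext, keyfile)
    c = cipher(:encrypt, keyfile)
    iv = c.random_iv
    c.auth_data = ""
    ct = c.update(plaintext) + c.final
    [iv + c.auth_tag + ct].pack("m0")
  end

  # Called from the ERB tag; a wrong key or altered token raises CipherError.
  def self.decrypt(token, keyfile)
    raw = token.unpack1("m0")
    c = cipher(:decrypt, keyfile)
    c.iv = raw[0, 12]
    c.auth_tag = raw[12, 16]
    c.auth_data = ""
    (c.update(raw[28..-1]) + c.final).force_encoding("UTF-8")
  end
end

# Same order Rails uses for database.yml: ERB first, then YAML.
def load_db_config(template, env)
  YAML.safe_load(ERB.new(template).result(binding)).fetch(env)
end

# Constructed key, password and template, for demonstration only.
def demo
  Tempfile.create("db.key") do |f|
    File.binwrite(f.path, OpenSSL::Random.random_bytes(32))
    token = DbSecret.encrypt("s3cret-Example", f.path)
    load_db_config(<<~YML, "production")
      production:
        username: spnr_stat_dev
        password: <%= DbSecret.decrypt("#{token}", "#{f.path}") %>
    YML
  end
end
```

The scheme keeps the password out of copies of database.yml (source control, backups, pasted configs), but anyone who can read both the key file and the config on the host can still recover it. Keep the key file outside the repository and readable only by the account that runs the application.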