moved sensitive config out to app_config.yml

clouder · Jan 31, 2012 · c6befbe · c6befbe
1 parent 6c319ef
commit c6befbe
Show file tree

Hide file tree

Showing 5 changed files with 61 additions and 68 deletions.
diff --git a/.gitignore b/.gitignore
@@ -3,3 +3,5 @@ db/*.sqlite3
 log/*.log
 tmp/
 .sass-cache/
+*.sublime*
+config/app_config.yml
diff --git a/Gemfile b/Gemfile
@@ -1,34 +1,19 @@
 source 'http://rubygems.org'
 
-gem 'rails', '3.1.1'
-
-# Bundle edge Rails instead:
-# gem 'rails',     :git => 'git://github.com/rails/rails.git'
-
+gem 'rails', '3.1.2'
+gem 'jquery-rails'
 gem 'oauth'
 gem 'gmail'
 
-# Gems used only for assets and not required
-# in production environments by default.
 group :assets do
   gem 'sass-rails',   '~> 3.1.4'
   gem 'coffee-rails', '~> 3.1.1'
   gem 'uglifier', '>= 1.0.3'
 end
 
-gem 'jquery-rails'
-
-# To use ActiveModel has_secure_password
-# gem 'bcrypt-ruby', '~> 3.0.0'
-
-# Use unicorn as the web server
-# gem 'unicorn'
-
-# Deploy with Capistrano
-# gem 'capistrano'
-
-# To use debugger
-# gem 'ruby-debug19', :require => 'ruby-debug'
+group :production do
+  gem 'pg'
+end
 
 group :test do
   # Pretty printed test output

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,38 +1,38 @@
 GEM
   remote: http://rubygems.org/
   specs:
-    actionmailer (3.1.1)
-      actionpack (= 3.1.1)
+    actionmailer (3.1.2)
+      actionpack (= 3.1.2)
       mail (~> 2.3.0)
-    actionpack (3.1.1)
-      activemodel (= 3.1.1)
-      activesupport (= 3.1.1)
+    actionpack (3.1.2)
+      activemodel (= 3.1.2)
+      activesupport (= 3.1.2)
       builder (~> 3.0.0)
       erubis (~> 2.7.0)
       i18n (~> 0.6)
-      rack (~> 1.3.2)
+      rack (~> 1.3.5)
       rack-cache (~> 1.1)
       rack-mount (~> 0.8.2)
       rack-test (~> 0.6.1)
-      sprockets (~> 2.0.2)
-    activemodel (3.1.1)
-      activesupport (= 3.1.1)
+      sprockets (~> 2.1.0)
+    activemodel (3.1.2)
+      activesupport (= 3.1.2)
       builder (~> 3.0.0)
       i18n (~> 0.6)
-    activerecord (3.1.1)
-      activemodel (= 3.1.1)
-      activesupport (= 3.1.1)
+    activerecord (3.1.2)
+      activemodel (= 3.1.2)
+      activesupport (= 3.1.2)
       arel (~> 2.2.1)
       tzinfo (~> 0.3.29)
-    activeresource (3.1.1)
-      activemodel (= 3.1.1)
-      activesupport (= 3.1.1)
-    activesupport (3.1.1)
+    activeresource (3.1.2)
+      activemodel (= 3.1.2)
+      activesupport (= 3.1.2)
+    activesupport (3.1.2)
       multi_json (~> 1.0)
-    ansi (1.3.0)
+    ansi (1.4.1)
     arel (2.2.1)
     builder (3.0.0)
-    capybara (1.1.1)
+    capybara (1.1.2)
       mime-types (>= 1.16)
       nokogiri (>= 1.3.3)
       rack (>= 1.0.0)
@@ -47,28 +47,28 @@ GEM
     coffee-script (2.2.0)
       coffee-script-source
       execjs
-    coffee-script-source (1.1.2)
+    coffee-script-source (1.1.3)
     diff-lcs (1.1.3)
     erubis (2.7.0)
     execjs (1.2.9)
       multi_json (~> 1.0)
-    ffi (1.0.9)
+    ffi (1.0.11)
     gmail (0.4.0)
       gmail_xoauth (>= 0.3.0)
       mail (>= 2.2.1)
       mime (>= 0.1)
     gmail_xoauth (0.3.0)
       oauth (>= 0.3.6)
-    guard (0.8.7)
+    guard (0.8.8)
       thor (~> 0.14.6)
-    guard-rspec (0.5.0)
+    guard-rspec (0.5.4)
       guard (>= 0.8.4)
     guard-spork (0.3.1)
       guard (>= 0.8.4)
       spork (>= 0.8.4)
     hike (1.2.1)
     i18n (0.6.0)
-    jquery-rails (1.0.16)
+    jquery-rails (1.0.17)
       railties (~> 3.0)
       thor (~> 0.14)
     json (1.6.1)
@@ -78,11 +78,12 @@ GEM
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
     mime (0.1)
-    mime-types (1.16)
+    mime-types (1.17.2)
     multi_json (1.0.3)
     nokogiri (1.5.0)
     oauth (0.4.5)
-    polyglot (0.3.2)
+    pg (0.12.2)
+    polyglot (0.3.3)
     rack (1.3.5)
     rack-cache (1.1)
       rack (>= 0.4)
@@ -92,17 +93,17 @@ GEM
       rack
     rack-test (0.6.1)
       rack (>= 1.0)
-    rails (3.1.1)
-      actionmailer (= 3.1.1)
-      actionpack (= 3.1.1)
-      activerecord (= 3.1.1)
-      activeresource (= 3.1.1)
-      activesupport (= 3.1.1)
+    rails (3.1.2)
+      actionmailer (= 3.1.2)
+      actionpack (= 3.1.2)
+      activerecord (= 3.1.2)
+      activeresource (= 3.1.2)
+      activesupport (= 3.1.2)
       bundler (~> 1.0)
-      railties (= 3.1.1)
-    railties (3.1.1)
-      actionpack (= 3.1.1)
-      activesupport (= 3.1.1)
+      railties (= 3.1.2)
+    railties (3.1.2)
+      actionpack (= 3.1.2)
+      activesupport (= 3.1.2)
       rack-ssl (~> 1.3.2)
       rake (>= 0.8.7)
       rdoc (~> 3.4)
@@ -114,7 +115,7 @@ GEM
       rspec-core (~> 2.7.0)
       rspec-expectations (~> 2.7.0)
       rspec-mocks (~> 2.7.0)
-    rspec-core (2.7.0)
+    rspec-core (2.7.1)
     rspec-expectations (2.7.0)
       diff-lcs (~> 1.1.2)
     rspec-mocks (2.7.0)
@@ -125,19 +126,18 @@ GEM
       rspec (~> 2.7.0)
     rubyzip (0.9.4)
     sass (3.1.10)
-    sass-rails (3.1.4)
+    sass-rails (3.1.5)
       actionpack (~> 3.1.0)
       railties (~> 3.1.0)
-      sass (>= 3.1.4)
-      sprockets (~> 2.0.0)
+      sass (~> 3.1.10)
       tilt (~> 1.3.2)
-    selenium-webdriver (2.8.0)
+    selenium-webdriver (2.12.2)
       childprocess (>= 0.2.1)
-      ffi (>= 1.0.7)
+      ffi (~> 1.0.9)
       json_pure
       rubyzip
     spork (0.9.0.rc9)
-    sprockets (2.0.3)
+    sprockets (2.1.0)
       hike (~> 1.2)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
@@ -149,8 +149,8 @@ GEM
       polyglot (>= 0.3.1)
     turn (0.8.3)
       ansi
-    tzinfo (0.3.30)
-    uglifier (1.0.4)
+    tzinfo (0.3.31)
+    uglifier (1.1.0)
       execjs (>= 0.3.0)
       multi_json (>= 1.0.2)
     xpath (0.1.4)
@@ -167,7 +167,8 @@ DEPENDENCIES
   guard-spork
   jquery-rails
   oauth
-  rails (= 3.1.1)
+  pg
+  rails (= 3.1.2)
   rspec-rails (~> 2.6)
   sass-rails (~> 3.1.4)
   spork (> 0.9.0.rc)

diff --git a/config/application.rb b/config/application.rb
@@ -1,5 +1,10 @@
 require File.expand_path('../boot', __FILE__)
 
+# use yaml if it is there otherwise probably on heroku
+if File.exist? File.expand_path "../app_config.yml", __FILE__
+  APP_CONFIG = YAML.load File.read File.expand_path '../app_config.yml', __FILE__
+end
+
 require 'rails/all'
 
 if defined?(Bundler)
@@ -46,7 +51,7 @@ class Application < Rails::Application
     config.assets.version = '1.0'
 
     # Google OAuth Consumer Credentials
-    config.consumer_key = ENV['CONSUMER_KEY'] || ENV['consumer_key'] || 'anonymous'
-    config.consumer_secret = ENV['CONSUMER_SECRET'] || ENV['consumer_secret'] || 'anonymous'
+    config.consumer_key = ENV['CONSUMER_KEY'] || ENV['consumer_key'] || APP_CONFIG['consumer_key']
+    config.consumer_secret = ENV['CONSUMER_SECRET'] || ENV['consumer_secret'] || APP_CONFIG['consumer_secret']
   end
 end
diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
@@ -4,4 +4,4 @@
 # If you change this key, all old signed cookies will become invalid!
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
-Pushbroom::Application.config.secret_token = '95747c54477e5edd6acfb2670a7e5cb259786762a83d42a88311d3ddbf152af7adcd9c130bb9fe4858152367a2661687e7f4f2ed497c77228f32a6197f8d6114'
+Pushbroom::Application.config.secret_token = APP_CONFIG['session_secret']