Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ignore config.yml in deployment or leave private #12

Open
kmjungersen opened this issue Sep 2, 2015 · 5 comments
Open

Ignore config.yml in deployment or leave private #12

kmjungersen opened this issue Sep 2, 2015 · 5 comments

Comments

@kmjungersen
Copy link

Hello! First, thanks for a great utility - it's been really helpful so far! Currently I'm manually making config.yml private in my S3 bucket so that the AWS access keys aren't made public with the rest of the site. It'd be nice if they were already made private on deploy.

If I have some free time, I'll put together a PR for this, but wanted to open the issue for discussion first. Thanks!
@Irishsmurf
Copy link
Contributor

It might be an idea to pull the credentials from the default AWS CLI/SDK credential file location - in the ~/.aws directory, rather than using a separate config.yml file specific for the application.

@kmjungersen
Copy link
Author

+1 to that

@ottenhoff
Copy link

+1 ... I was surprised to find my access keys being published.

@lacostenycoder
Copy link

+1 seeing as how I'm using S3 to host a static website, uploading the config file is a pretty big security issue. Yikes.

@Eein Eein mentioned this issue Feb 26, 2016
Merged
@Eein
Copy link
Contributor

Eein commented Feb 26, 2016

A wild PR appears. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@Irishsmurf @ottenhoff @Eein @lacostenycoder @kmjungersen