/var/log/balo

How not to commit passwords to OpenShift's repository

In the last couple of days I played with OpenShift, a PaaS made by Red Hat. I moved one of my Ruby applications there from a VPS. As you may know, OpenShift works from git repositories, so a push means build and deploy.

That means (almost¹) everything has to be pushed to the repository. We know that committing passwords and secret keys is a bad idea. But don’t worry, use OpenShift’s environment variables! :)

The nice thing is that you can easily insert these variables into yml files, so your database config can look like this:

production:
  adapter: mysql2
  database: <%= ENV['OPENSHIFT_APP_NAME'] %>
  host: <%= ENV['OPENSHIFT_MYSQL_DB_HOST'] %>
  port: <%= ENV['OPENSHIFT_MYSQL_DB_PORT'] %>
  username: <%= ENV['OPENSHIFT_MYSQL_DB_USERNAME'] %>
  password: <%= ENV['OPENSHIFT_MYSQL_DB_PASSWORD'] %>
  socket: <%= ENV['OPENSHIFT_MYSQL_DB_SOCKET'] %>
  encoding: utf8
  pool: 5
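An unset variable makes `<%= ENV[...] %>` render as an empty value, so the app can come up with blank credentials. The sketch below is an added example, not code from the original post: it checks an ERB/YAML config like the one above before rendering and masks the password for logging. The helper names and the trimmed template are assumptions made for illustration.

```ruby
require 'erb'
require 'yaml'

# Constructed sample, trimmed from the database.yml shown above.
TEMPLATE = <<~YML
  production:
    adapter: mysql2
    host: <%= ENV['OPENSHIFT_MYSQL_DB_HOST'] %>
    port: <%= ENV['OPENSHIFT_MYSQL_DB_PORT'] %>
    username: <%= ENV['OPENSHIFT_MYSQL_DB_USERNAME'] %>
    password: <%= ENV['OPENSHIFT_MYSQL_DB_PASSWORD'] %>
YML

# Every variable name the template reads through ENV['...'] or ENV["..."].
def referenced_vars(template)
  template.scan(/ENV\[\s*['"]([A-Za-z0-9_]+)['"]\s*\]/).flatten.uniq
end

# Referenced variables that are unset or empty in env (any Hash-like object).
def missing_vars(template, env = ENV)
  referenced_vars(template).select { |name| env[name].to_s.empty? }
end

# Render against the process environment. An unset variable would become
# a nil YAML value, so fail first, naming the variables but never their values.
def render_config(template)
  missing = missing_vars(template)
  raise KeyError, "unset: #{missing.join(', ')}" unless missing.empty?
  YAML.safe_load(ERB.new(template).result)
end

# Copy of one environment's settings that is safe to print or log.
def redacted(settings)
  settings.merge('password' => '[REDACTED]')
end

if __FILE__ == $PROGRAM_NAME
  missing = missing_vars(TEMPLATE)
  if missing.empty?
    puts redacted(render_config(TEMPLATE)['production']).to_yaml
  else
    warn "unset variables: #{missing.join(', ')}"
  end
end
```
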

What about custom secrets and keys?

Well, you can set custom environment variables with rhc. I made a simple text file with my variables:

DROPBOX_APP_KEY=...
DROPBOX_APP_SECRET=...

Then add them with the set-env command:

$ rhc set-env my/dir/openshift-env-vars -a myappname

Of course you shouldn’t commit this file to any repository.

You can test it with rhc:

$ rhc ssh -a myappname
$ env | grep DROPBOX

If you were already connected over ssh when you added the variables, reconnect or check them from irb.

Tip: now you can use one repository with more than one remote.


  1. You have a data folder in the app-root directory where you can store some resources. ↩︎

#openshift #cloud #red hat #ruby #security