How not to commit passwords to OpenShift's repository
In the last couple of days I played with OpenShift, a PaaS made by Red Hat. I moved one of my Ruby applications there from a VPS. As you may know, OpenShift works from git repositories, so a push means build and deploy.
That means (almost[1]) everything has to be pushed to the repository. We know that committing passwords and secret keys is a bad idea. But don’t worry, use OpenShift’s environment variables! :)
The nice thing is that you can easily insert these variables into yml files, so your database config can look like this:
production:
  adapter: mysql2
  database: <%= ENV['OPENSHIFT_APP_NAME'] %>
  host: <%= ENV['OPENSHIFT_MYSQL_DB_HOST'] %>
  port: <%= ENV['OPENSHIFT_MYSQL_DB_PORT'] %>
  username: <%= ENV['OPENSHIFT_MYSQL_DB_USERNAME'] %>
  password: <%= ENV['OPENSHIFT_MYSQL_DB_PASSWORD'] %>
  socket: <%= ENV['OPENSHIFT_MYSQL_DB_SOCKET'] %>
  encoding: utf8
  pool: 5
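A check that could run before a push, added here as an example and not code from the original post: it flags secret-looking keys in a template like the one above that hold a literal value instead of an ENV lookup, and referenced variables that are unset. The function name, the key-name pattern and the sample template and env are assumptions made for illustration.

```ruby
# Keys whose values should never be literals in a committed config (assumed list).
SECRET_KEY = /password|secret|token|api_key/i
# Matches the ERB form used on this page: <%= ENV['NAME'] %>
ENV_LOOKUP = /<%=\s*ENV\[['"]([A-Z0-9_]+)['"]\]\s*%>/

# Returns findings for a config template: secret-looking keys holding a
# literal value, and ENV variables the template references but `env` lacks.
# Only variable names are reported, never their values.
def audit_config(template, env)
  findings = []
  template.each_line.with_index(1) do |line, lineno|
    stripped = line.strip
    next if stripped.start_with?("#")
    key, value = stripped.split(/:\s*/, 2)
    next if value.nil? || value.empty?
    refs = value.scan(ENV_LOOKUP).flatten
    if key.match?(SECRET_KEY) && refs.empty?
      findings << "line #{lineno}: #{key} is a literal, not an ENV lookup"
    end
    refs.each do |name|
      findings << "line #{lineno}: #{name} is not set" if env[name].to_s.empty?
    end
  end
  findings
end

# Constructed sample: the page's template shape with one hardcoded password.
BAD_TEMPLATE = <<~YAML
  production:
    adapter: mysql2
    host: <%= ENV['OPENSHIFT_MYSQL_DB_HOST'] %>
    username: <%= ENV['OPENSHIFT_MYSQL_DB_USERNAME'] %>
    password: example-literal
YAML

# Constructed env, as if only one of the MySQL variables were present.
SAMPLE_ENV = { "OPENSHIFT_MYSQL_DB_HOST" => "127.0.0.1" }

if __FILE__ == $PROGRAM_NAME
  audit_config(BAD_TEMPLATE, SAMPLE_ENV).each { |finding| puts finding }
end
```

Passing `ENV` itself as the second argument runs the same check against the real environment, for example inside an `rhc ssh` session.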
What about custom secrets and keys?
Well, you can set custom environment variables with rhc. I made a simple text file with my variables:
DROPBOX_APP_KEY=...
DROPBOX_APP_SECRET=...
Then add them with the set-env command:
$ rhc set-env my/dir/openshift-env-vars -a myappname
Of course you shouldn’t commit this file to any repository.
You can test it with rhc:
$ rhc ssh -a myappname
$ env | grep DROPBOX
If you were connected over SSH while adding the variables, you should reconnect or check them from irb.

[1] You have a data folder in the app-root directory where you can store some resources.