我刚刚创建了一个新的 Rails 项目，它附带了这个 credentials.yml.enc 文件。

公开提交安全吗？

最佳答案

什么 David Heinemeier Hansson说here :

These secrets are not supposed to withstand any sort of attack in test or development.

据我所知，你不应该在这里保留该死的 secret 凭证，然后公开发布是件好事。

It's only in production (and derivative environments, like exposed betas) where the secret actually needs to be secret. So we can simply insert this secret into the new flat credentials.yml.enc file.

最后他提到:

Note: We should just keep Rails.secrets and friends around. The Rails.credentials setup would be a new, concurrent approach. All new apps would use it, but we wouldn't need to screw existing apps.

希望对您有所帮助。更多关注this .

关于ruby-on-rails - 提交 Rails 的 credentials.yml.enc 文件是否安全？，我们在Stack Overflow上找到一个类似的问题： https://stackoverflow.com/questions/50558715/