Ignore config.yml in deployment or leave private
kmjungersen opened this issue · 5 comments
Hello! First, thanks for a great utility - it's been really helpful so far! Currently I'm manually making config.yml private in my S3 bucket so that the AWS access keys aren't made public with the rest of the site. It'd be nice if they were already made private on deploy.
If I have some free time, I'll put together a PR for this, but wanted to open the issue for discussion first. Thanks!
It might be an idea to pull the credentials from the default AWS CLI/SDK credential file location - in the ~/.aws directory, rather than using a separate config.yml file specific for the application.
+1 to that
+1 ... I was surprised to find my access keys being published.
+1 seeing as how I'm using S3 to host a static website, uploading the config file is a pretty big security issue. Yikes.
A wild PR appears. :)
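A pre-deploy check for the problem reported in this thread, as an added example that is not code from the project or from any commenter: it builds the upload list for a site directory, skipping the deploy config and any file that contains something shaped like an AWS access key ID. The function names, the reason strings and the sample tree are assumptions made for illustration; `config.yml` is the file name from the issue, and the key shown is the placeholder used in AWS documentation.

```python
import re
import tempfile
from pathlib import Path

# Assumption: the deploy tool keeps its settings in a file with this name.
EXCLUDED_NAMES = {"config.yml"}
# Access key IDs are 20 characters and start with AKIA (long-term) or ASIA (temporary).
KEY_ID_RE = re.compile(rb"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")


def plan_upload(site_root):
    """Return (to_upload, skipped): publishable relative paths, and path -> reason."""
    root = Path(site_root)
    to_upload, skipped = [], {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.name in EXCLUDED_NAMES:
            skipped[rel] = "deploy config"
        elif KEY_ID_RE.search(path.read_bytes()):
            # Catches keys pasted into other files, not only the config.
            skipped[rel] = "contains access key id"
        else:
            to_upload.append(rel)
    return to_upload, skipped


def demo():
    """Build a constructed site tree and plan its upload."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text("<h1>hello</h1>")
        (root / "css").mkdir()
        (root / "css" / "site.css").write_text("body { margin: 0 }")
        # Constructed sample content; the key is the AWS documentation placeholder.
        (root / "config.yml").write_text("access_key: AKIAIOSFODNN7EXAMPLE\nbucket: example\n")
        (root / "notes.txt").write_text("old key AKIAIOSFODNN7EXAMPLE, rotate me")
        return plan_upload(root)


if __name__ == "__main__":
    uploads, skipped = demo()
    print("upload:", uploads)
    print("skipped:", skipped)
```

A key that has already been published should be rotated, since skipping the file on later deploys does not undo the exposure.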