Delete Capfile & deploy.rb after deployment #127
The deploy.rb usually contains private information like passwords to the server and SCM, SCM addresses and server addresses. If you deploy projects other than Rails, these files may be published into the DOC_ROOT. There is no reason to keep the Capfile and config/deploy.rb on the live server, so the best solution would be to remove these files after the deployment.
Here is a basic version (I don't know all the details of Capistrano):
The thin veil of security as an excuse for deleting them doesn't actually solve any security issues (if someone is reading code on your app server, they're already too far penetrated into your codebase). If you're speaking about security within your own team, it's not an open source Gem's responsibility to facilitate that.
I recommend not putting any passwords into the Capfile. If you're using Subversion, I know that can be tricky; but using a decent, modern SCM which has SSH as a transport, you can use SSH (with agent forwarding, or deploy keys) to make sure you don't need any deploy-time passwords to get at the code.
And regarding database passwords, or otherwise which can be in those files, they should be deployed to the server by a trusted member of staff, and symlinked from the deployment each time through.
Thanks for opening the issue, but it's not really a security improvement.
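As an added example (not code from this thread or from Capistrano itself), the check below scans the text of a deploy.rb for the deploy-time secrets discussed above and reports whether SSH agent forwarding is configured. The function name `audit_deploy_rb` is hypothetical, `:password`, `:scm_password` and `:scm_passphrase` are Capistrano 2 variables, and the sample files, hosts and credentials are constructed.

```ruby
# Added example: audit a Capistrano deploy.rb for hard-coded deploy secrets.
SECRET_SETTINGS = %w[password scm_password scm_passphrase].freeze

# Returns { secrets: [[line_no, reason], ...], agent_forwarding: true/false }.
def audit_deploy_rb(text)
  secrets = []
  active = []
  text.each_line.with_index(1) do |line, n|
    # Ignore blank lines and whole-line comments.
    next if line.strip.empty? || line.lstrip.start_with?("#")
    active << line
    # set :password, "literal" -- a string literal rather than ENV[...] or a prompt.
    m = line.match(/\bset\s*\(?\s*:(\w+)\s*,\s*["']/)
    secrets << [n, "hard-coded :#{m[1]}"] if m && SECRET_SETTINGS.include?(m[1])
    # scheme://user:secret@host inside a repository or server URL.
    secrets << [n, "credentials embedded in URL"] if line =~ %r{\w+://[^/\s:@"']+:[^/\s@"']+@}
  end
  # Matches ssh_options[:forward_agent] = true and forward_agent: true.
  forwarding = active.any? { |l| l =~ /forward_agent\W+true/ }
  { secrets: secrets, agent_forwarding: forwarding }
end

# Constructed sample: passwords and a credentialed SCM URL in the file.
WEAK = <<~'RB'
  set :application, "shop"
  set :repository, "https://deploy:s3cret@svn.example.test/shop/trunk"
  set :scm_password, "hunter2"
  # set :password, "old"
  set :password, "letmein"
RB

# Constructed sample: SSH transport with agent forwarding, no secrets in the file.
HARDENED = <<~'RB'
  set :application, "shop"
  set :scm, :git
  set :repository, "git@git.example.test:shop.git"
  ssh_options[:forward_agent] = true
RB

if __FILE__ == $0
  p audit_deploy_rb(WEAK)
  p audit_deploy_rb(HARDENED)
end
```

A file that passes this check carries no credentials of its own, which is the state the reply above recommends reaching instead of deleting the file after deployment.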