Twilio Account and Phone Number Need to be Configurable #14

Closed
clintslee opened this issue Jun 3, 2013 · 6 comments
Comments

@clintslee
Contributor

Need to make the phone number and Twilio account credentials configurable.

My personal Twilio account creds are set as environment variables (I need to remove them soon), and the phone number is hard-coded into the app.

@v3n
Contributor

v3n commented Jun 3, 2013

Define a data structure that the Twilio controller accesses that goes in the config/environment.rb file. Ideally, it should allow the sandbox to be accessible during test and development for the rails environment. However, that's optional.

Are your personal account credentials something that needs to be stripped out of the GitHub repository totally?

@clintslee
Contributor Author

The SMS class needs three pieces of info:

  1. Twilio Account SID : A string that's now in env variable TWILIO_ACCOUNT_SID.
  2. Twilio Auth : A string that's now in env variable TWILIO_AUTH.
  3. Phone number : hard-coded in the source.

Look at SMS.send and it'll be apparent how these are used.

Yes, my credentials need to be stripped from GitHub. I added an initializer file in the beginning and then deleted it shortly after, so I know they're visible in the earlier commits.

@v3n
Contributor

v3n commented Jun 3, 2013

Okay, I'll have to filter the branch and force a push at some point, which is likely to be bad, so we'll hold that off until we know we have everyone's work from the weekend pushed. Give it until Wednesday and I'll then fix this problem.

@jamesdabbs
Member

In general, we need to remove any sensitive config variables from the repo - AFAIK, that's Twilio stuff and the app secret key (usually production DB credentials too, but Heroku injects those). dotenv is a good tool for this. @clintslee be aware that your Twilio credentials will still be accessible by looking at older commits; to be totally secure, you may want to reset them.

I'm not sure what the easiest way to do local sandbox testing with Twilio is, but I'm planning on setting that up for myself fairly soon and will report back if I uncover anything helpful.

@v3n
Contributor

v3n commented Jun 3, 2013

> @clintslee be aware that your Twilio credentials will still be accessible by looking at older commits

They won't be after I filter the repository.

@jamesdabbs
Member

I personally wouldn't bother with rewriting the history. Those credentials could have been copied by anyone on the internet at this point, and retconning the repo is just asking for weird merge problems down the road.

Regardless, as of 7d301ff I've got Twilio working on my local machine. I added some info in the README about how to set it up and would highly recommend localtunnel, but I don't think it needs to be in the project proper.

bd96a35 also adds an environment-set secret token, for similar reasons. The token on Heroku has been duly updated.
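
Added example, not code from this project or from anyone in the thread: one way to load the three values the SMS class needs from the environment, fail at boot when any is missing, and keep the auth token out of logs. `TwilioConfig` and `TWILIO_PHONE_NUMBER` are assumed names; `TWILIO_ACCOUNT_SID` and `TWILIO_AUTH` are the variable names given in the thread.

```ruby
# Added example. TwilioConfig and TWILIO_PHONE_NUMBER are assumed names;
# TWILIO_ACCOUNT_SID and TWILIO_AUTH are the names used in the thread.
class TwilioConfig
  REQUIRED = %w[TWILIO_ACCOUNT_SID TWILIO_AUTH TWILIO_PHONE_NUMBER].freeze
  E164 = /\A\+[1-9]\d{1,14}\z/ # "+" followed by at most 15 digits

  class MissingSetting < StandardError; end

  attr_reader :account_sid, :auth_token, :phone_number

  # env is injectable so the loader can be exercised without touching ENV.
  def self.load(env = ENV)
    missing = REQUIRED.select { |key| env[key].to_s.strip.empty? }
    unless missing.empty?
      # Name the missing keys only; never echo values into the boot log.
      raise MissingSetting, "missing Twilio settings: #{missing.join(', ')}"
    end
    new(env['TWILIO_ACCOUNT_SID'].strip, env['TWILIO_AUTH'].strip,
        env['TWILIO_PHONE_NUMBER'].strip)
  end

  def initialize(account_sid, auth_token, phone_number)
    unless phone_number.match?(E164)
      raise ArgumentError, 'TWILIO_PHONE_NUMBER must be in E.164 form'
    end
    @account_sid = account_sid
    @auth_token = auth_token
    @phone_number = phone_number
    freeze # settings are read-only after boot
  end

  # Keep the auth token out of logs, consoles and exception pages.
  def inspect
    "#<TwilioConfig sid=#{mask(account_sid)} auth=[FILTERED] from=#{phone_number}>"
  end
  alias to_s inspect

  private

  # Show only the last four characters of an identifier.
  def mask(value)
    value.length > 4 ? ('*' * (value.length - 4)) + value[-4, 4] : '****'
  end
end
```

Calling `TwilioConfig.load` once from an initializer makes a missing variable stop the boot instead of surfacing later as a failed SMS send.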
