Skip to content
This repository
Browse code

Update readme

  • Loading branch information...
commit 6abe4f8f686735d1e1c732d3535c4fb2d4b11051 1 parent 6c38af3
Reid Morrison authored December 14, 2012

Showing 1 changed file with 17 additions and 3 deletions. Show diff stats Hide diff stats

  1. 20  README.md
20  README.md
Source Rendered
@@ -141,6 +141,7 @@ Passwords can be encrypted in any YAML configuration file.
141 141
 For example config/database.yml
142 142
 
143 143
 ```yaml
  144
+---
144 145
 production:
145 146
   adapter:  mysql
146 147
   host:     db1w
@@ -156,11 +157,13 @@ Note: Use SymmetricEncryption.try_decrypt method which will return nil if it
156 157
 Note: In order for the above technique to work in other YAML configuration files
157 158
   the YAML file must be processed using ERB prior to passing to YAML. For example
158 159
 
  160
+```ruby
159 161
     config_file = Rails.root.join('config', 'redis.yml')
160 162
     raise "redis config not found. Create a config file at: config/redis.yml" unless config_file.file?
161 163
 
162 164
     cfg = YAML.load(ERB.new(File.new(config_file).read).result)[Rails.env]
163 165
     raise("Environment #{Rails.env} not defined in redis.yml") unless cfg
  166
+```
164 167
 
165 168
 ### Large File Encryption
166 169
 
@@ -208,10 +211,21 @@ encrypted = SymmetricEncryption.encrypt('hello world')
208 211
 puts SymmetricEncryption.decrypt(encrypted)
209 212
 ```
210 213
 
211  
-### Generating encrypted passwords
  214
+### Rake Tasks
  215
+
  216
+For PCI compliance developers should not be the ones creating or encrypting
  217
+passwords. The following rake tasks can be used by system administrators to
  218
+generate and encrypt passwords for databases, or external web calls.
  219
+It is safe to pass the encrypted password for say MySQL to the developers
  220
+who can then put it in the config files which are kept in source control.
  221
+
  222
+Generate a random password and display its encrypted form:
  223
+
  224
+    rake symmetric_encryption:random_password
  225
+
  226
+Encrypt a known value, such as a password:
212 227
 
213  
-The following rake task can be used to generate encrypted passwords for the
214  
-specified environment
  228
+    rake symmetric_encryption:encrypt
215 229
 
216 230
 Note: Passwords must be encrypted in the environment in which they will be used.
217 231
   Since each environment should have its own symmetric encryption keys

0 notes on commit 6abe4f8

Please sign in to comment.
Something went wrong with that request. Please try again.