Skip to content


Subversion checkout URL

You can clone with
Download ZIP


Managing Passwords and Sensitive information with rbenv-vars #4

wants to merge 5 commits into from

2 participants


My application requires a database connect string to be established using an environment variable.


I want to keep the password out of my public repository. To help with this, I made a small change in rbenv-vars to enable passwords to be segregated into a separate file. Once done, I can .gitignore the password file, and everything is secure.

For my example, I establish '.rbenv-vars-password', and add the variable "PASSWORD=mypass"

Then in '.rbenv-vars', I can use "CONNECT_STRING=postgres://user:${PASSWORD}@localhost/database".

I know that I could have put my private information in a parent directory, but my situation doesn't quite fit that layout.

I hope this is simple to understand and useful for others. Thanks for rbenv and rbenv-vars.


Thanks for the patch, but I don't think this is a good fit for rbenv-vars. Perhaps you can fork the plugin for this functionality.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
This page is out of date. Refresh to see the latest.
Showing with 26 additions and 0 deletions.
  1. +22 −0
  2. +4 −0 bin/rbenv-vars
@@ -16,6 +16,8 @@ that supports plugin bundles.)
## Usage
+### Variable File
Define environment variables in an `.rbenv-vars` file in your project,
one variable per line, in the format `VAR=value`. For example:
@@ -40,6 +42,26 @@ directories of the current directory will be set. Variables from the
Use the `rbenv vars` command to print all environment variables in the
order they'll be set.
+### Alternate Variable File
+It is a good idea to segregate passwords and sensitive information from
+your public code repository. To help with this, an alternate file can
+be used with the filename `.rbenv-vars-<yourfile>`. The alternate file
+will be loaded before the normal `.rbenv-vars` file.
+For example, your application may require an environment variable with
+a database connect string that contains a password.
+Alternate file: `.rbenv-vars-passwords`
+ DB_PASSWORD=mypassword
+Normal file: `.rbenv-vars`
+ DB_CONNECT_STRING=postgres://dbuser:${DB_PASSWORD}@localhost/my_database
+In this situation, you would .gitignore the `.rbenv-vars-passwords` file.
## License
&copy; 2011 Sam Stephenson. Released under the MIT license. See
4 bin/rbenv-vars
@@ -13,11 +13,15 @@ find-rbenv-vars-files() {
local root="$RBENV_DIR"
local results=""
+ shopt -s nullglob # suppress stderr output if glob doesn't match
while [ -n "$root" ]; do
if [ -e "${root}/.rbenv-vars" ]; then
+ for f in ${root}/.rbenv-vars-* ; do
+ results="$f"$'\n'"$results" # include alternate file in results list
+ done
Something went wrong with that request. Please try again.