Closed timhaines closed 11 years ago
I see. Does this mean everyone using the buildpack needs to update?
Yes. And change their mongo passwords if they're prudent. We noticed it when we emailed our logs between each other.
Hi Tim. Sorry I've been a bit slow at getting to this.
heroku config:get MONGO_URL
?Hey Tom,
No worries at all. I haven't looked into other ways.
It's a problem if you're emailing logs or otherwise transferring them off the servers, and you don't think to clear the passwords out.
Ok, that's reasonable. I'll try to find out if there's a better way to do it, if I can't figure something out then I'll just merge this. Let me know if you figure anything out yourself.
Note: I tried to follow the notes written here: https://devcenter.heroku.com/articles/buildpack-api#default-environment but it doesn't seem to be working. (see the hide-mongo-url
branch).
Working with buildpacks is very frustrating as there's little to no output in many cases and it takes a long time to try anything :)
It'd be better if it worked automatically, but not a big deal. If you could, can you have a go at this? Otherwise I'll just commit this change early next week.
Awesome, that was it (the script needs to manually write .profile.d). Sorted.
We noticed our MongoHQ password was showing in the logs when meteor was starting up.
I added a note to the readme about specifying MONGO_URL in the Heroku config.