Closed lfv89 closed 1 year ago
Thanks for the suggestion! We generally do not recommend checking in the Bundler configuration file, but it might make sense to change our recommendation for the user-level config.
For now, you can work around this issue by setting credentials as env vars: export BUNDLE_GEMS__CONTRIBSYS__COM=secrets
will produce the same results as if it were in your user level Bundler config file.
@indirect
but it might make sense to change our recommendation for the user-level config.
Interesting, would you solve this problem by creating a separated credentials
file too? I'd love like to jump into this if we could achieve a minimal viable solution in this thread :thought_balloon:
Personally, I use env vars set by my shell configuration (which I keep checked in) to manage the settings that I want to commit. Do you feel like that is not a satisfactory way to do things, and it would be a worthwhile improvement to implement a second credentials file just to enable checking in the Bundler config file?
I like the idea of checking in the Bundler config file (.bundle/config
), to share Bundler settings for a project between team members, instead of every team member having to configure their shell. I've used it for settings like BUNDLE_CACHE_ALL
.
@dentarg the Bundler team absolutely does not endorse checking in a per-app config file. The per-app Bundler config file is full of settings that do not transfer between machines at all, particularly absolute paths, even if you exclude credentials.
If your project has a specific set of Bundler settings, why aren't you setting them inside bin/setup
or bin/update
, to share those settings across everyone setting up the project?
@indirect We haven't run into such problems, but it is good to know the reasoning the Bundler team has. I'll try to remember your suggestions about bin/
-wrappers. Thanks!
In my opinion, checking in the .bundle/config
file is useful for certain things, and a very useful for sharing Bundler
settings for a project between team members as @dentarg pointed out. Regarding absolute paths, in most cases relative paths work just fine and use the root of the project as a base.
hey @indirect,
The env approach works, what I keep thinking is that since bundle config foobar FOO:BAR
stores the credentials by default in the bundle config file, unsuspecting people might possibly be affected. Mainly people that version their ~/.bundle/config
since it has lots of tweaks that are very interesting to have by default and storing them on a dotfiles repo for future usage is extremely helpful!
Answering your question, I do feel indeed that it could make a bit more sense to store, at the user level, these credentials in a separated credentials
file inside the ~/.bundle
folder... I'd like to take a stab at it if you think it would make sense to do so.
Problem:
At the moment the
~/.bundle/config
stores both credentials and global configuration as well.This is not ideal for versioning purposes. It does makes sense to version the file because global configurations like
BUNDLE_PATH
are useful across multiple setups, but it's not safe to do it right now because credentials for accessing private gems (likeBUNDLE_GEMS__CONTRIBSYS__COM
for Sidekiq) would also be versioned, which is not desirable.Proposal:
These credentials should go to their own
~/.bundle/credentials
file which would greatly help to avoid them getting leaked from public repositories, since there would be no point to version this specifically file.I'd gladly jump into this if the core team finds it worthy.
Let me know what you think.