luontola
commented
11 years ago One idea is to store the passwords similar to
config[:db_password] = ENC('G6N718UuyPE5bHyWKyuLQSm02auQPUtm')and by giving Deployer the password for encrypting (or a path to a file with the private key)
This could be implemented with Jasypt: http://www.jasypt.org/encrypting-configuration.html http://blog.jayway.com/2008/12/09/encrypting-properties-with-jasypt/ http://www.jasypt.org/encrypting-texts.html http://www.bouncycastle.org/
Passwords could be stored in the environment configuration files in an encrypted form, so that we could store them in version control.
For now the workaround is to read the passwords from an external file or from an environment variable.