

Use GPG to keep your Rails secrets secure - loopj
https://bugsnag.com/blog/use-gpg-to-hide-rails-secrets

======
druiid
I prefer using Symmetric Encryption:
[https://github.com/reidmorrison/symmetric-encryption](https://github.com/reidmorrison/symmetric-encryption)

It's super simple to set up and maintain. The only pain point is how to
distribute the private key to new users. Haven't quite found a super easy way
to do that yet. Generally we just airdrop it to the person.

~~~
StavrosK
(Re-)encrypt it to the GPG keys of the people you want to have access and
stick it in the repo?

------
joevandyk
I prefer storing secrets/api tokens in a database.

Runs the risk of leaking secrets via a SQL injection exploit though, but if
that happens, you're already screwed.

For development, we consider all keys/tokens available to developers as public
-- i.e. for authorize.net accounts, those tokens are tied to test accounts.

