Twilio Account and Phone Number Need to be Configurable about medlink HOT 6 CLOSED

Define a data structure that the Twilio controller accesses that goes in the config/environment.rb file. Ideally, it should allow the sandbox to be accessible during test and development for the rails environment. However, that's optional.

Are your personal account credentials something that need to be stripped out of the github repository totally?

from medlink.

The SMS class needs three pieces of info:

1. Twilio Account SID : A string that's now in env variable TWILIO_ACCOUNT_SID.
2. Twilio Auth : A string that's now in env variable TWILIO_AUTH.
3. Phone number : hard-coded in the source.

Look at SMS.send and it'll be apparent how these are used.

Yes, my credentials need to be stripped from github. I added an initializer file in the beginning and then deleted it shortly after so I know they're visible in the earlier commits.

from medlink.

Okay, I'll have to filter the branch and force a push at some point, which is likely to be bad, so we'll hold that off until we know we have everyone's work from the weekend pushed. Give it until Wednesday and I'll then fix this problem.

from medlink.

In general, we need to remove any sensitive config variables from the repo - AFAIK, that's Twilio stuff and the app secret key (usually production DB credentials too, but Heroku injects those). dotenv is a good tool for this. @clintslee be aware that your Twilio credentials will still be accessible by looking at older commits; to be totally secure, you may want to reset them.

I'm not sure what the easiest way to do local sandbox testing with Twilio is, but I'm planning on setting that up for myself fairly soon and will report back if I uncover anything helpful.

from medlink.

@clintslee be aware that your Twilio credentials will still be accessible by looking at older commits

They won't be after I filter the repository.

from medlink.

I personally wouldn't bother with rewriting the history. Those credentials could have been copied by anyone on the internet at this point, and retconning the repo is just asking for weird merge problems down the road.

Regardless, as of 7d301ff I've got Twilio working on my local machine. I added added some info in the README about how to set it up and would highly recommend localtunnel, but I don't think it needs to be in the project proper.

bd96a35 also adds an environment-set secret token, for similar reasons. The token on Heroku has been duly updated.

from medlink.