Capistrano tips

If you use (and you definitely should) Capistrano to handle your Rails application deployement, you should have faced some troubles to handle passwords for svn + database, at least if you’re like me and don’t want to put those production passwords in your subversion repository.

My first concern was to have a different user/password to checkout code from subversion, ssh to the server and connect to the database.

So here’s some tricks which allows you to avoid puting passwords in subversion and use different passwords for each part of the process (ssh, svn, db), put those in your config/deploy.rb.

Use whatever SVN User/Password you want :

[UPDATE] A little update to this part to avoid remote svn user/password to be cached locally.

Old :

 set :svn_user, ENV['svn_user'] || "jonathan"
 set :svn_password, { Capistrano::CLI.password_prompt('SVN Password: ') }
 set :repository, { "--username #{svn_user} " +
             "--password #{svn_password} " +
             "http://your.domain.tld/path/to/svn/#{application}/trunk/" }

New :

 set :svn_user, ENV['svn_user'] || "jonathan"
 set :svn_password, { Capistrano::CLI.password_prompt('SVN Password: ') }
 set :repository, { "--username #{svn_user} " +
             "--password #{svn_password} " +
             "--no-auth-cache " +
             "http://your.domain.tld/path/to/svn/#{application}/trunk/" }

So you can now do things like :

  svn_user=your_name cap deploy

and the svn checkout will use ‘your_name’ as svn username, prompt you for the subversion password (remember, you’re using ssh, so no clear password transit) and then do the checkout normaly.

Generate config/database.yml on-the-fly

Just like passwords, it’s a good idea to avoid having your database configuration in subversion if you’re more than one developer to commit code. So why not generate it locally and put it through our lovely ssh connection, at deployement time ?

  desc "After updating code we need to populate a new database.yml"
task :after_update_code, :roles => :app do
  require "yaml"
  set :production_database_password, proc { Capistrano::CLI.password_prompt("Production database remote Password : ") }

  buffer = YAML::load_file('config/database.yml.template')
  # get ride of uneeded configurations
  # Populate production element
  buffer['production']['adapter'] = "postgresql"
  buffer['production']['database'] = "vms_production"
  buffer['production']['username'] = "you_db_username
  buffer['production']['password'] = production_database_password
  buffer['production']['host'] = "localhost"
  put YAML::dump(buffer), "#{release_path}/config/database.yml", :mode => 0664

This code uses the config/database.yml.template file (it’s up to you to have one, I don’t think this one is hard :D), to generate a simple database.yml containing only the production database configuration. Additionnaly it prompts you for the database connection password.

Isn’t this great ?

Sat, 15 Jul 2006 16:33 Posted in

  1. By Seth 26/07/2006 at 23h25

    Good stuff! I was just trying to figure out how to use a different svn username/password. Thanks!

  2. By Aníbal Rojas 22/08/2006 at 04h38

    Off Topic: This is just a quick note to invite you to register at, a meeting place for people interested in the Ruby Programming Language or any of the related technologies. I would recommend using a filtered feed just including Ruby and Rails posts ;-)

  3. By Fin 02/09/2006 at 17h43

    Thanks, was very helpful.

  4. By Pierre R 04/01/2007 at 19h50

    Thanks for the svn password tip ! It pefectly fits my needs ;)

  5. By Micah 21/02/2007 at 16h38

    Thanks for the tips. This should fix the problem for us.

  6. By Chris Roos 15/05/2007 at 20h05

    I’m a bit late to the Capistrano party but really appreciate this handy tip. Cheers.

  7. By Peter Kehl 24/07/2007 at 13h10

    Hi. I’ve tried set :svn_user, :svn_username, :scm_user, :scm_username with :svn_password, :scm_password. The password gets picked only when I use same username on apache/ruby box and in SVN – I use private/public SSH key when connecting to apache/ruby box, so that doesn’t ask for password, and then SVN uses the password from the deployment recipe.

    However, when different usernames on apache/ruby box and SVN doesn’t work – then it doesn’t use SVN password from recipe. That’s with Capistrano 1.4.0.

    I’ve tried Capistrano 2.0 but that complains about the recipe and goes bad sick.

    Any ideas, please?

  8. By Jonathan Tron 03/08/2007 at 12h26

    I’m not sure to understand what your problem is, but my recipes missed one update (made some time ago in capistrano 1.4.x), which led to a problem on the local machine.

    The problem is the svn use the deployement user/password after a deploy with capistrano, to prevent this you can do something like that :

    set :repository, { "--username #{svn_user} " +
                                                "--password #{svn_password} " +
                                                "--no-auth-cache " +
                        "http://your.domain.tld/path/to/svn/#{application}/trunk/" }

    The new part is : "—no-auth-cache " addition

  9. By Dibi Store 26/10/2007 at 12h56


  10. By Sur 29/01/2008 at 12h15

    Quite useful. Thanks!

  11. By Greg 13/01/2012 at 20h50

    Nice tip! I used this so I can store encrypted keys, and decrypt them during deploy, using the openssl rsa —passin pass:#{ssl_passphrase} command. Thanks!

Comment Capistrano tips