Comments on: Password-free deployments with Capistrano 2 http://blog.adsdevshop.com/2008/01/04/password-free-deployments-with-capistrano-2/ Helping companies increase predicability and business agility. Tue, 16 Mar 2010 13:24:28 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Robert Dempsey http://blog.adsdevshop.com/2008/01/04/password-free-deployments-with-capistrano-2/comment-page-1/#comment-10204 Robert Dempsey Thu, 22 Oct 2009 06:53:56 +0000 http://rorblog.techcfl.com/2008/01/04/password-free-deployments-with-capistrano-2/#comment-10204 @blake: Great advice. Thanks. @blake: Great advice. Thanks.

]]> By: Dave http://blog.adsdevshop.com/2008/01/04/password-free-deployments-with-capistrano-2/comment-page-1/#comment-9903 Dave Tue, 15 Sep 2009 14:50:29 +0000 http://rorblog.techcfl.com/2008/01/04/password-free-deployments-with-capistrano-2/#comment-9903 Took me ages to find a solution for this so posting it here, since this was a key blog to get me on the way: - deploy ability can be revoked from developer/machine as needed - svn access can be revoked as needed - developer knowledge of svn/deploy user passwords not required - sudo is not required - stored passwords not required - sftp to target required Thanks guys! http://www.experts-exchange.com/Programming/Languages/Scripting/Ruby/RubyOnRails/Q_24731867.html Took me ages to find a solution for this so posting it here, since this was a key blog to get me on the way:

- deploy ability can be revoked from developer/machine as needed
- svn access can be revoked as needed
- developer knowledge of svn/deploy user passwords not required
- sudo is not required
- stored passwords not required
- sftp to target required

Thanks guys!

http://www.experts-exchange.com/Programming/Languages/Scripting/Ruby/RubyOnRails/Q_24731867.html

]]> By: Robert Dempsey http://blog.adsdevshop.com/2008/01/04/password-free-deployments-with-capistrano-2/comment-page-1/#comment-5891 Robert Dempsey Mon, 07 Jan 2008 04:42:42 +0000 http://rorblog.techcfl.com/2008/01/04/password-free-deployments-with-capistrano-2/#comment-5891 @blake: Great advice. Thanks. @blake: Great advice. Thanks.

]]> By: Blake http://blog.adsdevshop.com/2008/01/04/password-free-deployments-with-capistrano-2/comment-page-1/#comment-5890 Blake Mon, 07 Jan 2008 01:44:40 +0000 http://rorblog.techcfl.com/2008/01/04/password-free-deployments-with-capistrano-2/#comment-5890 My team accomplishes the same thing without having to relax security with sudo or encode passwords directly into the Capistrano recipes. What we do instead is use a single user for doing all deployments. Instead of a password, we all have an SSH key installed in ~/.ssh/authorized_keys on each machine. To initialize Subversion access, I logged in once to the deploy user's account and did an svn ls https://server/path/to/svn and entered the credentials, which are cached into ~/.subversion/. Then we run our Rails processes as the deployment user, so there's no need to use sudo at all for working with Mongrel. This way lost laptops with source trees don't have keys to the kingdom and in the event of firing a developer, we just pull his SSH key from the shared account and he no longer has access. Problem solved. My team accomplishes the same thing without having to relax security with sudo or encode passwords directly into the Capistrano recipes. What we do instead is use a single user for doing all deployments. Instead of a password, we all have an SSH key installed in ~/.ssh/authorized_keys on each machine. To initialize Subversion access, I logged in once to the deploy user’s account and did an svn ls https://server/path/to/svn and entered the credentials, which are cached into ~/.subversion/. Then we run our Rails processes as the deployment user, so there’s no need to use sudo at all for working with Mongrel.

This way lost laptops with source trees don’t have keys to the kingdom and in the event of firing a developer, we just pull his SSH key from the shared account and he no longer has access. Problem solved.

]]>