Remove passwords from database.yml in rails 2.3.8 application?

We have a 2.3.8 application that has hard-coded passwords in the database.yml file.

If we were to use erb to bring these in from a file outside, where in the initialization steps do I load the file to populate the variable I wish to interpolate?

When I tried to do so in config/environment.rb, the erb usage said the variable I was trying to interpolate was not defined.

Trying something similar to what is advocated here

Robert Nicholson <robert.nicholson@gmail.com> writes:

> We have a 2.3.8 application that has hard-coded passwords in the database.yml file.
>
> If we were to use erb to bring these in from a file outside, where in the initialization steps do I load the file to populate the variable I wish to interpolate?
>
> When I tried to do so in config/environment.rb, the erb usage said the variable I was trying to interpolate was not defined.
>
> Trying something similar to what is advocated here

Secure Rails Deployment and Passwords: Best Practices - rubyrobot

Generally, in projects I've worked on, these variables come from the environment:

    production:
      # ...
      username: <%= ENV['DB_USER'] %>
      password: <%= ENV['DB_PASS'] %>

The actual environment variables would be up to you and your team, of course.
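The approach in the reply above, as an added example that is not part of the original thread: it renders a `database.yml` template through ERB and then YAML, shows that `ENV` is visible to the template while a method-local variable is not, and flags credentials that rendered empty. The `adapter` and `database` values and the helper names (`render_database_yml`, `missing_credentials`, `render_with_local`) are hypothetical.

```ruby
require 'erb'
require 'yaml'

# Template shaped like the one in the reply; adapter/database are constructed values.
DATABASE_YML = <<~YAML
  production:
    adapter: mysql
    database: app_production
    username: <%= ENV['DB_USER'] %>
    password: <%= ENV['DB_PASS'] %>
YAML

# Render ERB first, then parse the result as YAML.
# ERB#result without an explicit binding evaluates at top level, so ENV,
# constants and globals are visible, but the caller's local variables are not.
def render_database_yml(template)
  YAML.load(ERB.new(template).result)
end

# Hypothetical startup check: list credential keys that rendered empty,
# so a missing environment variable is caught before a connection attempt.
def missing_credentials(config, env_name)
  section = config.fetch(env_name, {})
  %w[username password].select { |key| section[key].to_s.empty? }
end

# A local variable set in calling code is out of scope inside the template.
# Returns the name of the exception class raised while rendering.
def render_with_local
  db_pass = 'from-a-local' # constructed value, never reaches the template
  ERB.new('password: <%= db_pass %>').result
rescue NameError => e
  e.class.name
end

if __FILE__ == $PROGRAM_NAME
  ENV['DB_USER'] = 'app'          # constructed sample values
  ENV['DB_PASS'] = 'example-only'
  config = render_database_yml(DATABASE_YML)
  puts "missing credentials: #{missing_credentials(config, 'production').inspect}"
  puts "local variable in template raises: #{render_with_local}"
end
```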

Just as important is to upgrade to a recent version of Rails. 2.3.8 went out of support ages ago and undoubtedly has a number of security holes.

Colin