Remove passwords from database.yml in rails 2.3.8 application?

We have a 2.3.8 application that has hard coded passwords in the database.yml file.

If we were to use erb to bring these in from a file outside where in the initialization steps
do I load the file to populate the variable I wish to interpolate?

When I tried to do so in config/environment.rb the erb usage said the variable I use trying to interpolate was not defined.

Trying something similar to what is advocated here

http://rubyrobot.github.io/blog/2014/04/08/secure-rails-deployment-and-passwords-best-practices/

Robert Nicholson <robert.nicholson@gmail.com> writes:

We have a 2.3.8 application that has hard coded passwords in the database.yml file.

If we were to use erb to bring these in from a file outside where in the initialization steps
do I load the file to populate the variable I wish to interpolate?

When I tried to do so in config/environment.rb the erb usage said the variable I use trying to interpolate was not defined.

Trying something similar to what is advocated here

http://rubyrobot.github.io/blog/2014/04/08/secure-rails-deployment-and-passwords-best-practices/

Generally, in projects I've worked on, these variables come from the
environment:

    production:
        # ...
        username: <%= ENV['DB_USER'] %>
        password: <%= ENV['DB_PASS'] %>

The actual environment variables would be up to you and your team, of
course.

Just as important is to upgrade to a recent version of rails. 2.3.8
went out of support ages ago and undoubtedly has a number of security
holes.

Colin