---
title: Encrypted Connection Parameters
impact: MEDIUM
impactDescription: ensures sensitive connection details are not exposed in transport or transit
tags: security, encryption, connections
---

## Encrypted Connection Parameters

Ensure connection strings and parameters for external services are encrypted or managed via secure credential stores.

**Incorrect (plaintext secrets in strings):**

```ruby
DATABASE_URL = "postgres://user:mypassword@db.example.com/mydb"
```

**Correct (using credentials):**

```yaml
# In database.yml
production:
  url: <%= Rails.application.credentials.db_url %>
```
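
To support the manual review, the following added example (not part of the original rule or of Rails) flags URL-style connection strings that embed a literal password and redacts the secret in its report. The pattern, the helper names and the `SAMPLE` input are assumptions constructed for illustration.

```ruby
# Added example: flag connection URLs that embed a literal password.
# SAMPLE is constructed input; the pattern and helper names are assumptions.
CRED_URL = %r{\b([a-z][a-z0-9+.-]*)://([^\s:/@"']+):([^\s@"]+)@([^\s/"']+)}i

# A password that starts with an ERB tag or a #{...} interpolation is
# resolved at runtime (credentials store, ENV), so it is not a literal secret.
def dynamic?(password)
  password.start_with?("<%", '#{')
end

# Returns one finding per offending line, with the password redacted so
# the review report does not become a second copy of the secret.
def find_plaintext_credentials(text)
  text.each_line.with_index(1).filter_map do |line, number|
    match = CRED_URL.match(line)
    next if match.nil? || dynamic?(match[3])
    scheme, user, _password, host = match.captures
    { line: number, redacted: "#{scheme}://#{user}:[REDACTED]@#{host}" }
  end
end

# Constructed sample: one hard-coded password, one credentials lookup,
# one URL with a port but no userinfo, one password taken from ENV.
SAMPLE = <<~'TEXT'
  DATABASE_URL = "postgres://user:mypassword@db.example.com/mydb"
  url: <%= Rails.application.credentials.db_url %>
  REDIS_URL = "redis://cache.example.com:6379/0"
  AMQP_URL = "amqp://app:#{ENV.fetch('AMQP_PASSWORD')}@mq.example.com/vhost"
TEXT

if __FILE__ == $PROGRAM_NAME
  find_plaintext_credentials(SAMPLE).each do |finding|
    puts "line #{finding[:line]}: #{finding[:redacted]}"
  end
end
```

The pattern covers URL-style strings only; key/value forms such as a separate `password:` entry need their own check during review.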

**Tools:** Manual Review

---
