Setup readonly rails console

Posted . Visible to the public.

If you want someone to be able to access your rails console, but don't want them to be able to do changes you can use the rails console sandbox feature:

If you wish to test out some code without changing any data, you can do that by invoking bin/rails console --sandbox.
https://guides.rubyonrails.org/command_line.html#bin-rails-console Show archive.org snapshot

To let one only access the sandbox rails console you can make use of the command option of OpenSSH:

Specifies that the command is executed whenever this key is used for authentication. The command supplied by the user (if any) is ignored. [...]
https://man.openbsd.org/sshd#command=command Show archive.org snapshot

To combine this, the authorized_keys should be look like:

command="cd /path/to/your/application/current; bundle exec rails c --sandbox" ssh-rsa AAAASOME\PUBLIC_SSH-KEY bob.bobsen@example.com
Last edit
Kim Klotz
License
Source code in this card is licensed under the MIT License.