Pp=env is scary



I’m concerned about running MiniProfiler (Ruby Edition) in production because it has this handy option to dump environment variables to the screen. It so happens that we use environment variables to store all sorts of credentials on Heroku.

Now, I realize we can only enable MiniProfiler for administrators when in production, but mistakes happen, and I really would prefer if this feature wasn’t there, at least in its current form.



I am totally open to adding an option that suppresses some of these env keys eg:

Rack::MiniProfiler.config.hide_env = true

Default though should be to show it, it is invaluable when debugging some issues.