I would like to restrict the access to the deploy.rb file to prevent any
mods from anybody that could cause major issue in production zone for
I recommend having the deploy script prompt for passwords (SSH, SVN/Git,
etc) instead of baking them in in plain text. That way the script is
useless without credentials.
+1. Additional things that you can undertake:
Use SSH keys. The best security model relies on something that you
know (credentials) plus something that you have (private keys).
Keep a deploy.example.rb file under source control and set the actual
deploy.rb to ignore. This is not a substitute for prompting passwords!
You can use it to add a layer of obscurity for your repository URL and