Secrets

Secrets in ShipClojure are managed using environment variables and the fly secrets command.

Warning: It is very important that you do NOT hard-code any secrets in the source code. Even if your app source is not public, there are a lot of reasons this is dangerous.

Managing secrets

Managing secrets in shipclojure-datom is done through aero. Secrets can be passed as environment variables or added directly to the resources/.secrets.edn file.

All required secrets for shipclojure are specified in resources/secrets.example.edn. I recommend adding any new secret you need there, so other people working on the project will understand all of the secrets they require (and possibly how to obtain them).

Reading secrets notation

{:my-secret #or [#env MY_SUPER_SECRET "my-secret-123"]}

This translates to: :my-secret takes the value of the environment variable MY_SUPER_SECRET, and if that is nil, falls back to "my-secret-123".

Local Development Secrets

When you need to create a new secret, it's best to add a line to your secrets.example.edn with an example value of the new secret so folks know what secret is necessary.

To keep everything in line with the guiding principles of "Offline Development," you should also strive to make it so whatever service you're interacting with can be mocked out.

  1. cp resources/secrets.example.edn ./resources/.secrets.edn

  2. Change the secrets where required

  3. Done!

Production Secrets

In production, secrets should be specified as environment variables. See the deployment docs to understand what secrets will be needed. You need to specify these secrets through fly secrets.

Environment secrets will be picked up automatically and transformed into the map notation by aero.
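
Because an #or fallback resolves without any error when the environment variable is unset, a production process can end up running on the literal default. The following added example (not ShipClojure or aero code) re-implements the #env / #or behaviour described under "Reading secrets notation" with clojure.edn to report which keys fell back. It assumes a flat secrets map, and the namespace, function names and the DB_PASSWORD variable are hypothetical.

```clojure
(ns example.secret-fallbacks
  (:require [clojure.edn :as edn]))

;; Constructed sample in the notation shown above; all values are placeholders.
(def sample-edn
  "{:my-secret   #or [#env MY_SUPER_SECRET \"my-secret-123\"]
    :db-password #or [#env DB_PASSWORD \"dev-password\"]
    :app-name    \"demo\"}")

(defn- env-reader
  "Reader for #env: looks the variable up in `env` (name -> value)."
  [env]
  (fn [var-name]
    {::env-var (str var-name) ::value (get env (str var-name))}))

(defn- or-reader
  "Reader for #or: first non-nil candidate wins, as described above.
  A winning literal is recorded as a hard-coded fallback."
  [candidates]
  (let [value-of #(if (::env-var %) (::value %) %)
        chosen   (first (filter #(some? (value-of %)) candidates))]
    {::value     (value-of chosen)
     ::fallback? (not (::env-var chosen))
     ::env-vars  (keep ::env-var candidates)}))

(defn audit
  "Resolves a flat secrets map and reports which keys used a fallback.
  Returns {:config {key value} :fallbacks {key (ENV_VAR ...)}}."
  [edn-text env]
  (let [raw (edn/read-string {:readers {'env (env-reader env) 'or or-reader}}
                             edn-text)
        tagged? #(and (map? %) (contains? % ::value))]
    {:config    (into {} (for [[k v] raw] [k (if (tagged? v) (::value v) v)]))
     :fallbacks (into {} (for [[k v] raw :when (and (tagged? v) (::fallback? v))]
                           [k (::env-vars v)]))}))

(defn assert-no-fallbacks!
  "Production guard: throws (without echoing any secret value) when a key
  resolved to its literal default; otherwise returns the resolved config."
  [edn-text env]
  (let [{:keys [config fallbacks]} (audit edn-text env)]
    (when (seq fallbacks)
      (throw (ex-info "Secrets fell back to hard-coded defaults"
                      {:unset-env-vars fallbacks})))
    config))

;; Constructed environment with only one variable set; in a real process
;; pass (System/getenv) as `env` instead.
(audit sample-edn {"MY_SUPER_SECRET" "value-from-environment"})
```

Calling assert-no-fallbacks! at startup in the production profile turns a forgotten fly secrets entry into a boot failure instead of a silently used default.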
