Secrets
Managing secrets in the ShipClojure is done using environment variables and the fly secrets
command.
Warning: It is very important that you do NOT hard code any secrets in the source code. Even if your app source is not public, there are a lot of reasons this is dangerous.
Getting started with secrets
Shipclojure uses aero for managing secrets and other configuration.
Secrets are kept under:
resources/.dev-secrets.edn
- development secrets (what you use locally to develop)resources/.prod-secrets.edn
- production secrets (what your production deployment uses)
Secrets are imported into your config in the resources/system.edn
here:
;; Merge our public config file with the secrets
{:saas/secrets #include #join [#env HOME "/.saas-secrets.edn"]
Local development
When you need to create a new secret, it's best to add a line to your saas-secrets.example.edn with an example value of the new secret so folks know what secret is necessary.
To keep everything in line with the guiding principle of "Offline Development," you should also strive make it so whatever service you're interacting with can be mocked out.
Copy the example secrets
cp saas-secrets.example.edn resources/.dev-secrets.edn
Modify the values with correct ones
Done
Production development
The process is almost the same as for Local development but step 1 will be cp saas-secrets.example.edn resources/.prod-secrets.edn
Last updated