Secrets

Managing secrets in the ShipClojure is done using environment variables and the fly secrets command.

Warning: It is very important that you do NOT hard code any secrets in the source code. Even if your app source is not public, there are a lot of reasons this is dangerous.

Getting started with secrets

Shipclojure uses aero for managing secrets and other configuration.

Secrets are kept under:

  1. resources/.dev-secrets.edn - development secrets (what you use locally to develop)

  2. resources/.prod-secrets.edn - production secrets (what your production deployment uses)

Secrets are imported into your config in the resources/system.edn here:

;; Merge our public config file with the secrets
{:saas/secrets #include #join [#env HOME "/.saas-secrets.edn"]

Local development

When you need to create a new secret, it's best to add a line to your saas-secrets.example.edn with an example value of the new secret so folks know what secret is necessary.

To keep everything in line with the guiding principle of "Offline Development," you should also strive make it so whatever service you're interacting with can be mocked out.

  1. Copy the example secrets cp saas-secrets.example.edn resources/.dev-secrets.edn

  2. Modify the values with correct ones

  3. Done

Production development

The process is almost the same as for Local development but step 1 will be cp saas-secrets.example.edn resources/.prod-secrets.edn

Last updated