# Secrets Managing secrets in the ShipClojure is done using environment variables and the `fly secrets` command. > **Warning**: It is very important that you do NOT hard code any secrets in the source code. Even if your app source is not public, there are a lot of reasons this is dangerous. ## Managing secrets Managing secrets in shipclojure-datom is done through [aero](https://github.com/juxt/aero). Secrets can be passed as environment variables or added directly to the `resources/.secrets.edn` file. All required secrets for shipclojure are specified in `resources/secrets.example.edn`. I recommend you add there any new secret you will need, so other people working on the project will understant all of the secrets they require (and possibly how to obtain them) ## Reading secrets notation ```clojure {:my-secret #or [#env MY_SUPER_SECRET "my-secret-123"]} ``` This translates to: `:my-secret` will be either the environment variable `MY_SUPER_SECRET` and if that is nil, use `"my-secret-123"` ## Local Development Secrets When you need to create a new secret, it's best to add a line to your [secrets.example.edn](https://github.com/shipclojure/shipclojure/blob/main/resources/secrets.example.edn) with an example value of the new secret so folks know what secret is necessary. To keep everything in line with the guiding principles of "Offline Development," you should also strive make it so whatever service you're interacting with can be mocked out. 1. `cp resources/secrets.example.edn ./resouces/.secrets.edn` 2. Change the secrets where it is required 3. Done! ## Production Secrets In production, secrets should be specified as environment variables. See [deployment docs](https://shipclojure.gitbook.io/shipclojure-docs/deployment/deployment) to understand what secrets will be needed. You need to specify these secrets through `fly secrets`. Environment secrets will be picked up automatically and transformed into the map notation by aero. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://shipclojure.gitbook.io/shipclojure-docs/backend/secrets.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.