Secrets
Last updated
Last updated
Managing secrets in the ShipClojure is done using environment variables and the fly secrets
command.
Warning: It is very important that you do NOT hard code any secrets in the source code. Even if your app source is not public, there are a lot of reasons this is dangerous.
Shipclojure uses for managing secrets and other configuration.
Secrets are kept under:
resources/.dev-secrets.edn
- development secrets (what you use locally to develop)
resources/.prod-secrets.edn
- production secrets (what your production deployment uses)
Secrets are imported into your config in the here:
When you need to create a new secret, it's best to add a line to your with an example value of the new secret so folks know what secret is necessary.
To keep everything in line with the of "Offline Development," you should also strive make it so whatever service you're interacting with can be mocked out.
Copy the example secrets cp saas-secrets.example.edn resources/.dev-secrets.edn
Modify the values with correct ones
Done
The process is almost the same as for Local development but step 1 will be cp saas-secrets.example.edn resources/.prod-secrets.edn