Hello there all,
In Python you can store API Keys in a .env file, you can use this information by retrieving it with the help of environ for example.
What’s the best way to do this in a Phoenix web application?
Thanks!
Now that I use LLM tools doing GodKnowsWhat on my dev box, I no longer trust keys stored in plain text. I’m looking for a secure way to store API Keys on disk and maybe even checked into git.
https://getsops.io/ looks interesting. Any other solutions?
Thanks!
I think I’ll take a look at the following URL
While my website is a static site disguised as a Phoenix web application, therefore I did not take an in-depth look to this section some years ago.
You might like fnox to store secrets in dev environment. For production apps running as a systemd service, use the built-in systemd-creds mechanism.
The easiest way to do this in any application is to:
- Install a
dotenvcli [1], [2] - Populate your
.envfile - Run the application through the dotenv cli to apply environment variables, ex:
dotenvx run -– mix phx.server - Access the environment variables as idiomatic to your application’s language
for dev environment, I usually use sops as mentioned here on the thread. It removes the need for .env files and you don’t need to pass them around to your team or worry about .gitignore them.
When you load the sops secrets, they come out as envs in your terminal so you can use System.get_env/2 in your config/runtime files. I wrote about sops last year in my blog in case you want to see how I use it.
It’s possible to extend this configuration using infrastructure secrets (like KMS) but local secrets with age works well too.
I’ve built nvir to load .env files locally in a simple way. Of course this is only for dev/test environment. In production you just set the secrets as “real” environment variables.
