Env-dependent Oban Encrypted args?

yukster · November 14, 2024, 1:06am

I’m looking into using Oban Pro encrypted jobs to get PII out of Oban Web. It’s super simple to set up and use but we have a considerable amount of tests that are asserting on the job args. I can change them all to just assert there is a data arg but it seems kind of sad. We also can’t use the args in assert_enqueued. I thought maybe I could make the encrypted arg env-dependent: the key config for deployed envs and false for local dev and tests but it doesn’t work.

Has anyone figured out a way to make the encryption happen on deployed envs or prod mode only?

al2o3cr · November 14, 2024, 1:45am

You could wrap the whole use in a compile-time conditional:

defmodule MyApp.SensitiveWorker do
  if Application.compile_env(:myapp, :use_encrypted_workers) do
    use Oban.Pro.Worker, encrypted: [key: {module, fun, args}]
  else
    use Oban.Pro.Worker
  end

  @impl true
  def process(%Job{args: args}) do
    # Args are decrypted, use them as you normally would
  end
end

yukster · November 14, 2024, 3:38pm

Yeah, that’s a decent idea. Thanks.