I’m interested in using releases.exs to pull down creds from parameter store. For local development, we’re able to load config/local.secret.exs
. When releasing to other environments (dev, staging and prod), we want to be able to pull down various secrets during the application boot up (We’re deploying to ECS). My releases.exs
looks like the following.
Did you forget to attach/link your releases.exs
to the post?
You can import_config "releases.exs"
from your config/config.exs
, but I’d strongly discourage this, as this would permanently write the configuration as it was on your build system into the created artifact.
Hit reply too soon! Relevant files below. As of right now we can build the code and package them as a tar file to deploy to our ec2 instances. When I’m building our containers for ECS deploys, the code doesn’t work properly (can’t access the DB), without dev.secret.exs
(I moved it out of the way). I think this is because if you look at config/config.exs
, it appears to “need” the secret file but not really? I’m able to build without it throwing an error. However, if I put the dev.secret.exs
file back into place the app works.
Bottom line, if possible we want to have a single container that we push throughout our SDLC. For local development, we’ll load config/local.exs
and have it source config/local.secret.exs
. For anything that goes into ECS, I want to be able to use the same container and pass in the relevant environment variables (e.g. db host, db password, aws secret keys, etc…)
# config/releases.exs
import Config
secret_key_base = System.fetch_env!("SECRET_KEY_BASE")
db_host = System.fetch_env!("db_host")
db_password = System.fetch_env!("db_password")
aws_access_key_id = System.fetch_env!("AWS_ACCESS_KEY_ID")
aws_secret_access_key = System.fetch_env!("AWS_SECRET_ACCESS_KEY")
config :inv, Inv.Repo,
username: "myuser",
password: db_password,
database: "mydb",
hostname: db_host,
pool_size: String.to_integer(System.get_env("POOL_SIZE") || "10")
config :inv, Inv.Endpoint,
server: true,
secret_key_base: secret_key_base
So I think I know what’s going on but I’m not an Elixir person. I’m the DevOps guy trying to deploy this package via ECS. This is new uncharted territory for us, I’m working with our lead engineer on this and we’re looking for clarification.
# config/config.exs
import_config "#{Mix.env()}.exs"
secrets_config_path = Path.join(__DIR__, "#{Mix.env()}.secret.exs")
# config/dev.exs
use Mix.Config
config :inv, InvWeb.Endpoint,
http: [port: 4002],
url: [host: "MYURL", port: 80],
cache_static_manifest: "priv/static/cache_manifest.json"
# Do not print debug messages in production
config :logger, level: :info
config :phoenix, :serve_endpoints, true
# config/dev.secret.exs
import Config
secret_key_base =
System.get_env("SECRET_KEY_BASE") ||
raise """
e1:nvironment variable SECRET_KEY_BASE is missing.
You can generate one by calling: mix phx.gen.secret
"""
db_host =
System.get_env("db_host") ||
raise """
environment variable db_host is missing.
"""
db_password =
System.get_env("db_password") ||
raise """
environment variable db_password is missing.
"""
config :inv, Inv.Repo,
username: "myuser",
password: db_password,
database: "mydb",
hostname: db_host,
pool_size: String.to_integer(System.get_env("POOL_SIZE") || "10")