D4no0

D4no0

How you manage configuration of secrets in elixir projects?

I think it was discussed before not only a single time, however I was unable to find any relevant information using search on elixirforum.

Let’s say we talk about projects containing some kind of secret values, both present for deployed environments and dev. Here are a few ways I’ve usually seen them being set:

  1. Hardcoded for dev in form of a file that is gitignored, for example: dev.secrets.exs, for deployed environments just fetched as a env variable;
  2. Similar to 1st approach in terms of structure, but generated semi-automatically using a mix task or something similar;
  3. Everything set as a environment variable in runtime.exs and using something like direnv to manage them per-project.

I specifically would like to know more about third option, as it seems that overall it makes the configuration more homogeneous in theory. I’ve seen it being implemented in a few recent projects I had to work with and I didn’t like it very much, but once again this might be an issue of implementation.

Any thoughts on this, what is your personal preference?

Most Liked

cevado

cevado

what I usually do is somewhat the third option but not exactly what you described.
in dev.exs I use the same envvars as runtime.exs but with sensible defaults(like defaulting postgres to localhost, etc). In runtime.exs i check if the apps is compiled for mix env dev or prod, if it’s prod we change to use the envvars but without the defaults, after all we want it to fail if the value is not set.

i’ve never used something like direnv in production settings, just for dev/local. in my last job we used hashicorp’s vault service, it’s quite handy and having versioning in envvars is great. :slight_smile:
but in general i’d go with the thing that fits better your deployment system.

dimitarvp

dimitarvp

While the project is small, env vars and System.get_env! in runtime.exs is quite enough. (And $MIX_ENV.secret.exs as you said, that complements this model nicely.)

The moment you find yourself juggling 15+ env vars and having to parse and validate their values is the moment you should drop all of it and just use Vapor. It’s easy to cringe at its “enterprise”-y offering but I used it in two projects and once you get over the initial learning curve (where you declare the exact location of all your configurable pieces) it just vanishes from view and does its job well. We used it to get data from env vars and YAML files. But I know it can do more than that.

fuelen

fuelen

I use the 3rd option + confispex library. The idea is simple - you describe a schema for the ENV variables and then just use Confispex.get("MY_VAR") instead of System.get_env("MY_VAR") in runtime.exs. I’ve built this library when our configuration was really hard to manage. Currently, our the biggest project has a config schema with ~260 defined ENV variables. Works pretty well and totally manageable.

Vapor was created before runtime.exs was introduced in Elixir, thus it is more complex.

Where Next?

Popular in Discussions Top

jswny
I would like to better understand what the advantages/disadvantages of umbrella applications are compared to structuring your app as as s...
New
Rustixir
Hi everyone, im working on find best language/framework/system for high concurrency, high performance and stable performance after wor...
New
sashaafm
I’m trying to evaluate the best combo/stack for a BEAM Web app. Right now I’m exploring Yaws a bit, after having dealt with Phoenix for a...
New
cvkmohan
The upcoming Phoenix 1.6 release looks very interesting. Became a habit to watch the commits - and - what they are bringing in. phx.gen...
New
lucaong
Hello Elixir and Nerves community, I have been working for a while on an open-source embedded key-value database for Elixir, that I call...
230 14027 124
New
AstonJ
Please see the new poll here: Which code editor or IDE do you use? (Poll) (2022 Edition) It’s been a while since we first asked this, I...
208 31265 143
New
Crowdhailer
I’ve been hearing much about the new formatter and it’s something I have been keen to try. I find examples buy far the most illuminating...
248 19327 150
New
RudManusachi
What configs will make sense to put to runtime.exs? – A bit of how I configure apps: I have generic configs in config/config.exs, dev...
New
axelson
Decided against including more info in the title, but the gist is that Plataformatec sponsored projects will continue with the assets bei...
New
kostonstyle
Hi all How can I compare haskell with elixir, included tools, webservices, ect. Thanks
New

Other popular topics Top

aadeshere1
I have a another noob question about loop. Since elixir is immutable, while loop is not directly possible. total = 10 while total != 0 ...
New
sorentwo
Hello! tl;dr Announcing Oban, an Ecto based job processing library with a focus on reliability and historical observability. After spen...
985 43487 311
New
skosch
To my knowledge, put_in, Map.update etc. all have the one limitation of not automatically creating intermediate keys when needed (for exa...
New
jononomo
I am trying to figure out how Mix knows whether the environment is test, dev, or prod – where is this set? Thanks.
New
ovidiubadita
Hey all, I discovered Elixir and I love it. I always wanted to learn a functional programming and I intended to go for Haskell, but afte...
New
fireproofsocks
Forgive me if this is obvious, but how does one delete a database record WITHOUT selecting it first? Ecto.Repo — Ecto v3.14.0 has exampl...
New
gausby
I asked this very same question on twitter and got some interesting feedback, but I thought it would be a good question to ask here as we...
1207 39467 209
New
vonH
When I run the Plug and I recompile I wind up having to use Ctrl C to quit iex and start again. Witht the help of rlwrap I can use the cu...
New
bsollish-terakeet
Credo is smart enough to check for (something like) this: assert length(the_list) == 0 with this response: Checking if an enum is empt...
New
vegabook
I’m brand new to Phoenix and I have stripped one of the demo applications to the bone. I just want to get an svg up on the screen. Here i...
New

We're in Beta

About us Mission Statement