D4no0

D4no0

How you manage configuration of secrets in elixir projects?

I think it was discussed before not only a single time, however I was unable to find any relevant information using search on elixirforum.

Let’s say we talk about projects containing some kind of secret values, both present for deployed environments and dev. Here are a few ways I’ve usually seen them being set:

  1. Hardcoded for dev in form of a file that is gitignored, for example: dev.secrets.exs, for deployed environments just fetched as a env variable;
  2. Similar to 1st approach in terms of structure, but generated semi-automatically using a mix task or something similar;
  3. Everything set as a environment variable in runtime.exs and using something like direnv to manage them per-project.

I specifically would like to know more about third option, as it seems that overall it makes the configuration more homogeneous in theory. I’ve seen it being implemented in a few recent projects I had to work with and I didn’t like it very much, but once again this might be an issue of implementation.

Any thoughts on this, what is your personal preference?

Most Liked

cevado

cevado

what I usually do is somewhat the third option but not exactly what you described.
in dev.exs I use the same envvars as runtime.exs but with sensible defaults(like defaulting postgres to localhost, etc). In runtime.exs i check if the apps is compiled for mix env dev or prod, if it’s prod we change to use the envvars but without the defaults, after all we want it to fail if the value is not set.

i’ve never used something like direnv in production settings, just for dev/local. in my last job we used hashicorp’s vault service, it’s quite handy and having versioning in envvars is great. :slight_smile:
but in general i’d go with the thing that fits better your deployment system.

dimitarvp

dimitarvp

While the project is small, env vars and System.get_env! in runtime.exs is quite enough. (And $MIX_ENV.secret.exs as you said, that complements this model nicely.)

The moment you find yourself juggling 15+ env vars and having to parse and validate their values is the moment you should drop all of it and just use Vapor. It’s easy to cringe at its “enterprise”-y offering but I used it in two projects and once you get over the initial learning curve (where you declare the exact location of all your configurable pieces) it just vanishes from view and does its job well. We used it to get data from env vars and YAML files. But I know it can do more than that.

fuelen

fuelen

I use the 3rd option + confispex library. The idea is simple - you describe a schema for the ENV variables and then just use Confispex.get("MY_VAR") instead of System.get_env("MY_VAR") in runtime.exs. I’ve built this library when our configuration was really hard to manage. Currently, our the biggest project has a config schema with ~260 defined ENV variables. Works pretty well and totally manageable.

Vapor was created before runtime.exs was introduced in Elixir, thus it is more complex.

Where Next?

Popular in Discussions Top

sashaafm
I’m trying to evaluate the best combo/stack for a BEAM Web app. Right now I’m exploring Yaws a bit, after having dealt with Phoenix for a...
New
cvkmohan
The upcoming Phoenix 1.6 release looks very interesting. Became a habit to watch the commits - and - what they are bringing in. phx.gen...
New
crispinb
On reading dhh’s latest The One Person Framework it strikes me that Phoenix with LiveView is already pretty much this. However, never hav...
New
fireproofsocks
I’ve been working on an Elixir project that has required a lot of scripting. I usually reach for Elixir because I like it more (and in th...
New
rower687
Hi all, I’ve been reading a lot about the “let it crash” term and how supervising processes and the whole messaging passing make an elixi...
New
eteeselink
Hi all, In the last days, two things happened: A blog post titled “They might never tell you it’s broken” made the rounds. It’s about ...
New
joeerl
I’m playing with Elixir - It’s fun. I think @rvirding does give Elixir courses these days. Re: files and database - when I given Erlang ...
New
scouten
I’m looking for a host for the server part of a small (personal) side project that I’m working on. It’s currently written in Node.js and ...
New
fireproofsocks
This is more of a general question, but I’m wondering how other people in the community think about the pattern matching in function sign...
New
axelson
Decided against including more info in the title, but the gist is that Plataformatec sponsored projects will continue with the assets bei...
New

Other popular topics Top

baxterw3b
Hi guys, i’m new in the Elixir world, and i have to say, that i love it! i’m having some problem to understand anonymous functions with ...
New
johnnyicon
Hi all, I’ve just started learning Elixir and Phoenix Framework, so please pardon my n00bness at this stage. I’m trying to use Postgres...
New
aesmail
Hello guys, I have finally made it. I created an admin interface for a framework. It’s been on my todo list for years and with the curre...
New
alice
Hey, Just curious what are the main benefits of Elixir compared to Clojure? When is Elixir more useful than Clojure and vice versa? Th...
New
aalberti333
As the title describes, I’m trying to run Enum.map() over a list of key/value pairs, where the value is a map. My data looks like this: ...
New
KronicDeth
Elixir plugin for JetBrain’s IntelliJ Platform (including Rubymine) This is a plugin that adds support for Elixir to JetBrains IntelliJ...
289 36352 110
New
rms.mrcs
Hi, I need to transform a list of numbers into a map where the keys are the indexes and the values are the original values of the list. ...
New
komlanvi
Hi everyone, I was playing with phoenix liveView but I run into an issue. I have a form and want to validate each input text when the te...
New
JakeBecker
TL;DR: I’ve just released an implementation of Microsoft’s IDE-independent Language Server Protocol for Elixir. It adds language support ...
1144 54120 245
New
vonH
In asking this question I am more interested about the expressiveness of the language itself and less concerned about the availability of...
New

We're in Beta

About us Mission Statement