I’ve created a library that allows you to store encrypted secrets in your VCS, similar to Rails’ encrypted credentials (link)
One of the biggest pain points I’m finding is that it can only load these secrets at runtime, whereas many libraries require you to configure secrets at compile time. My ideal way to fix this would be to have a method such as import_encrypted_config that behaves similarly to Mix’s import_config that I can use in config.exs.
I understand that using custom modules in config files is tricky, so I’m looking for advice on how to accomplish this. Is it possible? And, if so, what is the best way to approach this?
ex-aws, for instance. Your region and keys needs to be specified in config.exs. Even if there’s a way to handle config with these packages at runtime, it’s definitely a nicer experience to set these at compile time.
Regardless of that, it would be really handy to let my encrypted_secrets package integrate with config files. Is there a way to accomplish this?
This isn’t really true. The built in config and the docs suggest doing {:system, "ENV_VAR"} which, while that’s no longer considered the ideal way of loading runtime values, means that the keys are definitely retrieved at runtime.
Since config/config.exs is evaluated when compiling code, the functions you use there must already be compiled (so part of elixir, otp, archives). If you use your config library to populate application env, you can do that in your application callback module. On Elixir 1.9 you could implement a config provider although that would only work for releases. With releases, you can additionally put any code into config/releases.exs as it’s only evaluated at runtime.
