Phoenix secrets checked into version control?

phoenix
secrets
#1

From Phoenix Deployment docs:

If for some reason you do not want to rely on environment variables, you can hard code the secrets in your config/prod.secret.exs , but make sure to check the file into your version control system.

I believe that to check should read to not check, because is against all best practices for security and secrets management to check secrets into version control, unless they are encrypted.

4 Likes
#2

absolutely correct… recently fixed:

6 Likes