All-in-one solution for storing your secrets inside repository.
Overview
It is a lightweight zero-dependency solution for Elixir projects to store secrets inside your repository that my friend and I made during #spawnfest 2022.
Features
No external dependencies, pure Elixir
You don’t need to set up any external binaries or services. And you can extend this library in plain Elixir.
Mix-aware.
Secrets are separated per-environment and there are a bunch of useful mix tasks to manipulate these secrets. Building releases with SecretVault is no different from building a regular release.
Easy to use.
There is a straightforward tutorial for simple installation, and the whole project is well documented.
Secure.
Uses :crypto’s aes256gcm cipher by default. Plus there is a special task for performing very basic but useful audit of your secrets to detect weak or similar passwords.
Sidenote
This project is not available on hex.pm yet, but we’re planning to release a version as soon as spawnfest evaluation finishes.
I tried to add it to a project, but I am struggling with some problems.
When I use SecretVault.Config.fetch_from_current_env/1 the returned config is for prod always. If I use fetch_from_env with dev (which is the env I am in) it works.
Could you elaborate on practical examples for the library integration?
As a test I tried to put my database password in the vault and use it to start the db.
I followed the docs, and tried to read the value in the config.exs and in the runtime.exs files, but it doesn’t seem to work.
How would one go about that? Is that even an intended use case?
Ooh, I am really sorry for this, it is a bug I just forgot to fix. I’ll release a patch version right now, and I am still planning to add more practical tests during this week.
SecretVault doesn’t interact with passwords and values in the config.exs, it uses its own storage inside the priv directory. To set the password in the application env for the database you can just write something like
For existing dependencies, yes. If you’re writing your own, you can use one of SecretVault.Storage functions to store secrets in env or persistent_term for example.
Applications do not restart by default. When any included application crashes, the VM writes erl_crash.dump and stops.