SecretEnv is a environment variables manager for rails. SecretEnv can resolve secret variables from storages.
development:
env:
AUTH_SECRET: secret
DATABASE_URL: 'mysql2://local_user@localhost:3306'
staging:
storage:
type: credstash
namespace: awesome_app.staging.
env:
AUTH_SECRET: '#{auth_secret}'
DATABASE_URL: 'mysql2://db_user:#{db_password}@db-staging:3306/main?read_timeout=10&encoding=utf8'
production:
storage:
type: credstash
namespace: awesome_app.production.
env:
AUTH_SECRET: '#{auth_secret}'
DATABASE_URL: 'mysql2://db_user:#{db_password}@db-production:3306/main?read_timeout=10&encoding=utf8'
- Put secrets out of a config file in repository. You can choose backend storages.
- Configure multi environments via one file.
Add this line to your application's Gemfile:
gem 'secret_env'
And then execute:
$ bundle
Put config/secret_env.yml in your application.
SecretEnv resolves keys in given namespace. If you set some.namespace
, SecretEnv finds some.namespace.super_secret
key from storages.
This is default storage type. This type does not retrieve secrets, just extract it as full namespaced key.
This type finds secrets via credstash. You have to bundle 'rcredstash'.
gem 'secret_env'
gem 'rcredstash'
This type finds secrets from local file. Put your secrets in config/secret_env.local, and add it to your gitignores.
# config/secret_env.local
foo=1
bar=2
$ secret_env config/secret_env.yml production your_command --option
or
$ export SECRET_ENV=production
$ secret_env config/secret_env.yml your_command --option
Bug reports and pull requests are welcome on GitHub at https://github.com/adorechic/secret_env.
The gem is available as open source under the terms of the MIT License.