SecretEnv
SecretEnv is a environment variables manager for rails. SecretEnv can resolve secret variables from storages.
development:
env:
AUTH_SECRET: secret
DATABASE_URL: 'mysql2://local_user@localhost:3306'
staging:
storage:
type: credstash
namespace: awesome_app.staging.
env:
AUTH_SECRET: '#{auth_secret}'
DATABASE_URL: 'mysql2://db_user:#{db_password}@db-staging:3306/main?read_timeout=10&encoding=utf8'
production:
storage:
type: credstash
namespace: awesome_app.production.
env:
AUTH_SECRET: '#{auth_secret}'
DATABASE_URL: 'mysql2://db_user:#{db_password}@db-production:3306/main?read_timeout=10&encoding=utf8'
Features
- Put secrets out of a config file in repository. You can choose backend storages.
- Configure multi environments via one file.
Installation
Add this line to your application's Gemfile:
gem 'secret_env'
And then execute:
$ bundle
Put config/secret_env.yml in your application.
Storages
SecretEnv resolves keys in given namespace. If you set some.namespace
, SecretEnv finds some.namespace.super_secret
key from storages.
type: plain
This is default storage type. This type does not retrieve secrets, just extract it as full namespaced key.
type: credstash
This type finds secrets via credstash. You have to bundle 'rcredstash'.
gem 'secret_env'
gem 'rcredstash'
type: file
This type finds secrets from local file. Put your secrets in config/secret_env.local, and add it to your gitignores.
# config/secret_env.local
foo=1
=2
CLI
$ secret_env config/secret_env.yml production your_command --option
or
$ export SECRET_ENV=production
$ secret_env config/secret_env.yml your_command --option
Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/adorechic/secret_env.
License
The gem is available as open source under the terms of the MIT License.