I'm building a web app with Yesod and am currently passing in secrets such as API keys via environment variables (as per The Twelve-Factor App) to avoid storing these values in version-controlled configuration files. For example, I run my app in dev mode as follows:
SOME_API_KEY=value yesod devel
I have a value in my config/settings.yml
file that is defined in terms of this environment variable with an empty value as follows:
meetup-api-key: "_env:SOME_API_KEY:"
To deploy using Keter, I'm building the Keter package using the yesod keter
command and dropping the resulting file into Keter 'sincoming
directory. Since I'm using environment variable configuration, my app's .keter
file does not contain the SOME_API_KEY
value (which is intentional).
How should I pass SOME_API_KEY
into the instance of my app running inside Keter?
I would like to avoid baking the value into my keter-config.yaml
for at least the following three reasons:
I am hoping that there are some "best practices" out there for this scenario.
Set your secrets as environment variables on your server and ‘forward’ them to your app using forward-env
in config/keter.yml
as seen in the following patch: https://github.com/snoyberg/keter/commit/9e9fca314fb78860fb5c9b08cad212d92b0b20d4
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With