Please check the build logs for more information.
See Builds for ideas on how to fix a failed build, or Metadata for how to configure docs.rs builds.
If you believe this is docs.rs' fault, open an issue.
credentials: Fetch secrets from the environment or from Vault
A twelve-factor app (as popularized by Heroku) would normally store any passwords or other secrets in environment variables. The alternative would be to include the passwords directly in the source code, which would make it much easier to accidentally reveal them to the world.
But once your application deployment becomes more complex, it's much easier to store passwords in a central, secure store such as Hashicorp's Vault or Square's Keywhiz.
Wherever you choose to store your secrets, this library is intended to provide a single, unified API:
.unwrap;
get.unwrap;
get
By default, this will return the values of the EXAMPLE_USERNAME
and EXAMPLE_PASSWORD
environment variables.
Accessing Vault
To fetch the secrets from Vault, you will first need to set up the same
things you would need to use the vault
command line tool or the vault
Ruby gem:
- You need to set the
VAULT_ADDR
environment variable to the URL of your Vault server. - You can store your Vault token in either the environment variable
VAULT_TOKEN
or the file~/.vault-token
.
Let's assume you have the following secret stored in your vault:
To access it, you'll need to create a Secretfile
in the directory from
which you run your application:
EXAMPLE_USERNAME secret/example:username
EXAMPLE_PASSWORD secret/example:password
As before, you can access these secrets using:
.unwrap;
get.unwrap;
get
Example code
See the examples
directory for complete, working code.
TODO
The following features remain to be implemented:
- Environment variable interpolation in
Secretfile
. - Keywhiz support.
Contributions
Your feedback and contributions are welcome! Just file an issue or send a GitHub pull request.