This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2020-08-17
Channels
- # announcements (8)
- # atom-editor (8)
- # aws (1)
- # babashka (96)
- # beginners (128)
- # calva (7)
- # cider (12)
- # cljsrn (1)
- # clojure (75)
- # clojure-europe (28)
- # clojure-hamburg (2)
- # clojure-italy (7)
- # clojure-nl (7)
- # clojure-norway (3)
- # clojure-uk (13)
- # clojurescript (26)
- # conjure (2)
- # cursive (18)
- # data-science (7)
- # datalog (21)
- # datomic (9)
- # duct (15)
- # expound (29)
- # figwheel-main (14)
- # fulcro (59)
- # helix (4)
- # jobs (2)
- # kaocha (19)
- # leiningen (15)
- # luminus (4)
- # malli (57)
- # meander (2)
- # off-topic (2)
- # pathom (12)
- # pedestal (8)
- # re-frame (53)
- # reitit (9)
- # remote-jobs (1)
- # shadow-cljs (64)
- # spacemacs (1)
- # specter (2)
- # tools-deps (12)
- # tree-sitter (2)
- # vim (11)
- # xtdb (17)
Is there any way to customize the indentation of host interop forms like this? I’d like them all to be “indent”, otherwise when doing interop, forms tend to grow far to the right
Hmm, no, there isn’t. Would you like this for all interop forms across the board, or for specific calls?
I’m experimenting with getting a single source of truth for env vars for my Clojure project.
Struggling with keeping secrets secret 🙂
Using the an .env
file for env vars, EnvFile
for loading that file into my Cursive project, and direnv
for automatically loading in the .env
file via a .envrc
proxy whenever I cd
into my project in the terminal, I can get most of the way; the .env
file is a single source of truth for both Cursive and the terminal.
However, I’d like to avoid storing secrets directly in my .env
file, as I might accidentally commit those to the project repo. And the .env
file is pretty much just a key-value store, so I can’t do scripting in it like pull-this-key-from-my-secrets-store
(where secrets-store
is pass
, or lastpass
, or (on mac) security
or what have you).
Anyone know of a good solution for what I’m talking about?
Perhaps it’s really simple and readily available, like running a .sh
script just before starting my REPL or whatever.
> I might accidentally commit those to the project repo @reefersleep Sounds like you should gitignore that file.
That’s one solution, but I feel it isn’t strong enough. I’d like to keep secrets completely out of the lexical scope of the project.
If I keep them in something like pass
, they’ll be encrypted as well, not available in plaintext.
Cheers both @U064X3EF3 and @U083D6HK9. I feel that both utilising .gitignore
and git-secrets
are additions that one can make to prevent leakage of secrets - and there’s nothing against using these things in the project while also keeping your secrets in an encrypted store.
I just want to be able to get them out of the store and into IntelliJ somehow 🙂
Not necessarily intended for local development (though there’s nothing preventing it): https://www.vaultproject.io
Rails has a more file-oriented approach: https://edgeguides.rubyonrails.org/security.html#environmental-security
https://github.com/mozilla/sops is one way of keeping secrets in your git repo but secure. I've used this so I can manage secrets "in-band" with the rest of my changes, then decrypt them on the deploy agent and push them to wherever they need to go (like a k8s secret). I use AWS KMS keys so the key is nowhere on my machine (just some temporary credentials for AWS that expire every few hours)
.gitattributes filters for check-in and check-out are useful too. I've wired those up with sops (above) so that locally my file always appears plaintext but when I check it into git it gets encrypted automatically so there's never a plaintext version in the remote. I was initially inspired by https://oteemo.com/2019/06/20/hashicorp-vault-is-overhyped-and-mozilla-sops-with-kms-and-git-is-massively-underrated/
Thanks a bunch @U5RCSJ6BB and @U7JK67T3N! Lots of reading material 🙂