Fork me on GitHub

Is there any way to customize the indentation of host interop forms like this? I’d like them all to be “indent”, otherwise when doing interop, forms tend to grow far to the right


Hmm, no, there isn’t. Would you like this for all interop forms across the board, or for specific calls?


I’d do it across the board


I’m experimenting with getting a single source of truth for env vars for my Clojure project. Struggling with keeping secrets secret 🙂 Using the an .env file for env vars, EnvFile for loading that file into my Cursive project, and direnv for automatically loading in the .env file via a .envrc proxy whenever I cd into my project in the terminal, I can get most of the way; the .env file is a single source of truth for both Cursive and the terminal. However, I’d like to avoid storing secrets directly in my .env file, as I might accidentally commit those to the project repo. And the .env file is pretty much just a key-value store, so I can’t do scripting in it like pull-this-key-from-my-secrets-store (where secrets-store is pass, or lastpass, or (on mac) security or what have you).


Anyone know of a good solution for what I’m talking about?


Perhaps it’s really simple and readily available, like running a .sh script just before starting my REPL or whatever.


> I might accidentally commit those to the project repo @reefersleep Sounds like you should gitignore that file.


That’s one solution, but I feel it isn’t strong enough. I’d like to keep secrets completely out of the lexical scope of the project.


If I keep them in something like pass, they’ll be encrypted as well, not available in plaintext.


Cheers both @U064X3EF3 and @U083D6HK9. I feel that both utilising .gitignore and git-secrets are additions that one can make to prevent leakage of secrets - and there’s nothing against using these things in the project while also keeping your secrets in an encrypted store.


I just want to be able to get them out of the store and into IntelliJ somehow 🙂


Not necessarily intended for local development (though there’s nothing preventing it):


But you’ll still need to store the key somewhere.

rutledgepaulv23:08:15 is one way of keeping secrets in your git repo but secure. I've used this so I can manage secrets "in-band" with the rest of my changes, then decrypt them on the deploy agent and push them to wherever they need to go (like a k8s secret). I use AWS KMS keys so the key is nowhere on my machine (just some temporary credentials for AWS that expire every few hours)


.gitattributes filters for check-in and check-out are useful too. I've wired those up with sops (above) so that locally my file always appears plaintext but when I check it into git it gets encrypted automatically so there's never a plaintext version in the remote. I was initially inspired by


Thanks a bunch @U5RCSJ6BB and @U7JK67T3N! Lots of reading material 🙂