Shopify / ejson

EJSON is a small library to manage encrypted secrets using asymmetric encryption.
MIT License

[Feature Request] Read private key from environment variable #90

Closed runlevel5 closed 2 years ago

runlevel5 commented 2 years ago

Heroku, Netlify and many other PaaS are stateless, so files don't stick around permanently. And because ejson looks up the private key from the EJSON_KEYDIR file, this can pose a bit of a challenge to adopting ejson.

We know that these platforms use environment variables as first-class citizens, so why don't we look up the private key from an environment variable instead?

Here is one example:

Private Key: 123

Public Key: abcdef

The ejson app would try to look for the environment variable abcdef before falling back to reading the $EJSON_KEYDIR/abcdef file. Alternatively, we could let the user define which environment variable to look up:

```json
{
    "_public_key": "<public key here>",
    "_private_key_env_var": "<the_name_of_the_env_var_that_contains_the_private_key>",
    "SECRET_SHELL_VARIABLE": "<encrypted data>"
}
```

runlevel5 commented 2 years ago

I am closing this issue because it is related to https://github.com/Shopify/ejson/issues/23
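
The lookup order proposed in the first comment, as an added Go sketch that is not part of the original issue and not ejson's own code. `resolvePrivateKey` and `checkKey` are hypothetical names, the sample keys are constructed, and the code assumes keys are 64 hex characters (32 bytes), as ejson generates them.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// resolvePrivateKey is a hypothetical helper, not ejson's API. Lookup order from
// the issue: the variable named by _private_key_env_var, then a variable named
// after the public key, then the file <keyDir>/<public key>.
func resolvePrivateKey(pubKey, envVarName, keyDir string) (string, string, error) {
	// pubKey becomes a file name: requiring hex rejects path separators and "..".
	if b, err := hex.DecodeString(pubKey); err != nil || len(b) != 32 {
		return "", "", fmt.Errorf("public key must be 64 hex characters")
	}
	for _, name := range []string{envVarName, pubKey} {
		if v, ok := os.LookupEnv(name); ok && name != "" {
			// Drop the variable so child processes do not inherit the key.
			os.Unsetenv(name)
			return checkKey(v, "env:"+name)
		}
	}
	raw, err := os.ReadFile(filepath.Join(keyDir, pubKey))
	if err != nil {
		return "", "", fmt.Errorf("no private key in environment or key directory: %w", err)
	}
	return checkKey(string(raw), "file")
}

// checkKey trims whitespace and requires 32 hex-encoded bytes. The error names
// the source only, never the value, so a bad key does not end up in logs.
func checkKey(v, source string) (string, string, error) {
	v = strings.TrimSpace(v)
	if b, err := hex.DecodeString(v); err != nil || len(b) != 32 {
		return "", "", fmt.Errorf("private key from %s is not 64 hex characters", source)
	}
	return v, source, nil
}

func main() {
	pub := strings.Repeat("ab", 32) // constructed sample key pair, not real keys
	os.Setenv(pub, strings.Repeat("cd", 32))
	_, source, err := resolvePrivateKey(pub, "", os.TempDir())
	fmt.Println(source, err)
}
```

A hex public key can begin with a digit, which is not a valid variable name in POSIX shells, so the explicitly named variable is the more portable of the two options.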