rubyaustralia / melbourne-ruby

Organisers notes and processes

Thoughts on Environment Variables #219

Closed saramic closed 10 months ago

saramic commented 11 months ago

A lightning talk, 5 - 10 minutes, on managing environment variables in Rails.

Your app is coming along and all of a sudden you need to configure the number of workers, or an endpoint to access an API. You reach for CONSTANTS but very quickly you find out that these will vary between development, test and production apps. Not only that, but you have a number of "production" apps like staging, sandbox, UAT and the like. You also read up about The Twelve-Factor App and you go for Environment Variables (ENV_VARS) to configure everything. But development becomes a nightmare, so you use .env files to store all these configurations. And then you get an API Key 🔑 or Secret 🔐 and you also throw it into the .env file and even commit it to Git!!! 🚨 - at night you hear yourself counselling yourself: "it's OK, it's a private repo", "it's OK, it's only a developer secret".

It's NOT OK, this is the kind of behaviour that leads to security breaches and people being fired! - let's not blame the individuals but the process. The process of not having an easy way to store and share secrets is the root of the problem, and not developers accidentally sharing secrets they haphazardly saved to their publicly visible dotfiles GitHub repo.

Learn:

  1. why to use Env Vars
  2. how to use .env https://github.com/bkeepers/dotenv and why it's a bad idea
  3. how to use rails credentials as well as Shopify's ejson, Mozilla's SOPS or Ansible's Vault
  4. how to easily manage and override credentials using Evil Martians' AnywayConfig
  5. and why you should never be complacent with the way things are - learn how to break your system to make a better system

with code examples - https://github.com/failure-driven/env-var-demo
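As an added example (this is not code from the talk, from dotenv, from AnywayConfig or from the env-var-demo repo linked above), the three mechanics the pitch circles around, in plain Ruby: platform ENV taking precedence over a .env file, required settings validated at boot, and a tripwire for real-looking credentials in a .env file that is about to be committed. The class, setting names and sample .env contents are assumptions made up for the example.

```ruby
# Added example, not code from the talk or from the env-var-demo repo:
# a minimal twelve-factor style config loader in plain Ruby. Class, key
# and sample names are assumptions for the example.
#   1. Settings come from ENV; a .env file is only a development fallback
#      and never overrides what the platform injected (dotenv's default too).
#   2. Required settings are validated and coerced at boot, so a broken
#      deploy fails immediately rather than with a nil deep in a request.
#   3. A .env file is scanned for values that look like real credentials
#      before anyone commits it.

class ConfigError < StandardError; end

# Parse the common subset of the .env format: KEY=value, optional `export `,
# single/double quoted values, blank lines and # comments.
def parse_dotenv(text)
  text.each_line.with_object({}) do |line, vars|
    line = line.strip.sub(/\Aexport\s+/, "")
    next if line.empty? || line.start_with?("#")
    key, value = line.split("=", 2)
    next unless key && value && key.match?(/\A[A-Za-z_][A-Za-z0-9_]*\z/)
    value = value.strip
    if (m = value.match(/\A(["'])(.*?)\1(\s+#.*)?\z/m))
      value = m[2]                      # quoted: keep inner text verbatim
    else
      value = value.sub(/\s+#.*\z/, "") # unquoted: drop trailing comment
    end
    vars[key] = value
  end
end

# Process ENV first, then the parsed .env Hash: what Heroku, Kubernetes or
# CI injected is never silently shadowed by a file left on a laptop.
def resolve(env, dotenv, key)
  env.key?(key) ? env[key] : dotenv[key]
end

SCHEMA = {
  "WORKERS"      => { required: true,  type: :integer },
  "API_ENDPOINT" => { required: true,  type: :string },
  "API_KEY"      => { required: true,  type: :string },
  "LOG_LEVEL"    => { required: false, type: :string, default: "info" },
}.freeze

def coerce(raw, type)
  case type
  when :integer then Integer(raw, 10)
  when :boolean then { "true" => true, "false" => false }.fetch(raw.downcase)
  else raw
  end
end

# Build the config Hash; collects every problem and raises once so the boot
# log shows the whole list instead of one missing key per restart.
def load_config(env = ENV, dotenv_text = "", schema: SCHEMA)
  dotenv = parse_dotenv(dotenv_text)
  problems = []
  config = schema.each_with_object({}) do |(key, spec), cfg|
    raw = resolve(env, dotenv, key)
    if raw.nil? || raw.strip.empty?
      problems << "#{key} is required but not set" if spec[:required]
      cfg[key] = spec[:default]
      next
    end
    begin
      cfg[key] = coerce(raw, spec[:type])
    rescue ArgumentError, KeyError
      problems << "#{key}=#{raw.inspect} is not a valid #{spec[:type]}"
    end
  end
  raise ConfigError, problems.join("; ") unless problems.empty?
  config
end

# Tripwire for .env files headed for git: a credential-looking key whose
# value is not an obvious placeholder. Heuristic only; the real fix the talk
# argues for is keeping secrets out of .env (rails credentials, ejson, sops).
SECRET_KEY  = /SECRET|TOKEN|PASSW|API_KEY|PRIVATE_KEY/i
PLACEHOLDER = /\A(changeme|x{3,}|<.*>|\$\{.*\}|your[-_].*|dummy|example)\z/i

def suspicious_secrets(dotenv_text)
  parse_dotenv(dotenv_text).select do |key, value|
    key.match?(SECRET_KEY) && value.length >= 8 && !value.match?(PLACEHOLDER)
  end.keys
end

# Constructed sample .env files for the example.
DEV_DOTENV = <<~DOTENV
  # development defaults, safe to commit
  export WORKERS=2
  API_ENDPOINT="https://sandbox.example.test/v1" # sandbox, not prod
  API_KEY=<your api key>
  LOG_LEVEL=debug
DOTENV
# Same file after someone pasted a real-looking key in (constructed value).
LEAKY_DOTENV = DEV_DOTENV.sub("<your api key>", "d41d8cd98f00b204e9800998ecf8427e")

if __FILE__ == $PROGRAM_NAME
  puts load_config({ "WORKERS" => "8" }, DEV_DOTENV).inspect # ENV wins: 8 workers
  puts suspicious_secrets(LEAKY_DOTENV).inspect              # ["API_KEY"]
  begin
    load_config({}, "")
  rescue ConfigError => e
    puts "boot refused: #{e.message}"
  end
end
```

Run it as a plain script; `load_config` with no arguments reads the real `ENV`, and the demo at the bottom passes explicit Hashes so the run is deterministic. `suspicious_secrets` is meant to sit in a pre-commit hook or CI step over any tracked `.env*` file; it catches the "it's only a developer secret" paste, but a placeholder regex is no substitute for keeping production credentials in an encrypted store.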

ponny commented 11 months ago

Keen for this.

saramic commented 10 months ago

@ponny - not sure I did the topic justice but in case you were interested -> https://www.youtube.com/watch?v=Pf-IrWRm-UE