Added an example to show how common secrets can be shared across multiple environments in secrets.yml #19898
Conversation
|
👍 |
|
What about to add this to all YAML configurations? For example to |
|
👍 |
|
@simi Good point. I think if we agree to add it for secrets.yml then we can also add it for other files. |
|
What does this offer over using YAML's built-in anchor/reference syntax? |
|
@matthewd You are right. Same functionality can be achieved using YAML's anchor/reference syntax. This is just another way to do it. |
|
I'm concerned that providing documented application API to do so would encourage this practice which IMO is an anti-pattern (at least as far as presenting it to new users go), as secrets by their nature are best not to reuse across environments, especially in the most common case of production vs non-production. For someone who went beyond the basics and has a bona fide use case for this (for example, multiple production envs who need to share secret for communicating with each other), as mentioned in comments, this could be done manually using .yaml reference syntax. |
prathamesh-sonpatki
changed the title
|
We use the YAML reference syntax already in our |
|
@senny I agree. What do you mean by |
|
Add an example for YAML linking in default file generated. On Sunday, April 26, 2015, प्रथमेश notifications@github.com wrote:
Vipul A.M. |
prathamesh-sonpatki
force-pushed
the
common-secrets
branch
from
45eba60
to
57c98e3
Compare
|
@senny Updated the PR. The only issue I think is development and test environments will have same secret_key_base. Or should we add a commented example for showing how secrets can be shared? |
|
@prathamesh-sonpatki better add a commented example. I don't think |
prathamesh-sonpatki
force-pushed
the
common-secrets
branch
from
57c98e3
to
13f620d
Compare
|
@senny Updated. Please check. |
|
@senny What do you think about this? |
|
@prathamesh-sonpatki it's on my list. Please don't make ping comments continuously. We get enough emails as is. |
|
Looking at the example I don't think we should promote that in the file itself. What about only including the sentence: # You can also share common secrets in multiple environments
# using YAML anchor/reference syntax.Followed by a link to find more details. |
|
Can we update the example to use |
|
In my projects I rarely find myself in the situation of sharing secrets with Let's wait for more feedback before we decide. |
|
Ok. Here is an example of secrets.yml sharing settings - https://github.com/bigbinary/wheel/blob/master/config/secrets.yml. Then all the initializers access these values throguh |
|
Yes, putting the |
prathamesh-sonpatki
force-pushed
the
common-secrets
branch
from
13f620d
to
fe3a896
Compare
|
I have updated the example to use ENV variables. |
prathamesh-sonpatki
changed the title
Added an example to show how common secrets can be shared across multiple environments in secrets.yml [ci skip]
|
This broke the build as the ERB is still interpolated, even though it's inside of a comment. Please re-open once you fix |
they had to be duplicated under each environment in
config/secrets.yml.commonkey such thatthey will be loaded in all environments.
are present under both sections.
Edit
Common secrets is a bit confusing here. I meant to say common configuration options or settings like lets say
default_from_email_address. It can besupport@example.comin development, test and in production can be something else.