Extends the behaviour of the crystal-lang ENV
module to read values injected by docker secrets, kubernetes secrets and other orchestration tools.
-
Add the dependency to your
shard.yml
:dependencies: secrets-env: github: spider-gazelle/secrets-env
-
Run
shards install
require "secrets-env"
Use the SECRETS_PATH
environment variable to specify the volume used for secrets injection.
If unspecified this will default to /run/secrets
.
ENV
may then be used as per the standard API.
Values fetch from (in order of priority):
- environment variable
- secret of the same name
- fallback (if specified)
Note: attempts to update the environment ([]=
) will apply this as an env var.
Secrets are immutable.
Once set as env vars take preference over secrets, the new value is readable by the current machine, but is ephemeral.
Additionally, ENV.accessed
provides a record of all accesses to the ENV
variable across the program.