Welcome! Please see the About page for a little more info on how this works.

0 votes
in Libs by

Locally I'm using https://github.com/juxt/aero to read in a local secrets.edn file that is not tracked by version control intentionally so that secrets.edn doesn't reach github since that's a public repo

but the flip side of that means secrets.edn would not be in my git repo for sending up to Datomic cloud, I suppose I can make my GitHub repo private but if possible I'd prefer an alternative

2 Answers

+2 votes
selected by
Best answer
I should have looked harder, thank you
+1 vote

Non-expert guess: could you use a private, access controlled s3 bucket and manage credentials somehow? Allow cloud roles to have access to it, noone else. Put your secrets there. I haven't done this myself. I'm guessing there's an approved solution from Cognitect...

That's a good point, the more I think about it that might be a slow retrieval, so why not use DynamoDB, then I thought why not use Datomic to store the secrets, feels right since I have the machinery for Datomic access pre-installed, I assume data stored in Datomic is secure in that sense?