Support for Secrets?

What are your thoughts on having native support for secrets?

Docker has the idea of “secrets” (sensitive values that shouldn’t be passed as environment variables). A secret, say my_db_password, appears in a container as a file: /run/secrets/my_db_password.

There’s already precedent for server.system.environment, so how about a key like server.system.secret?

On startup, the secrets directory’s files would get looped, each file name would be added to the struct as a key (e.g., server.system.secret.my_db_password), which would be set to the value of the file’s contents.

To accommodate for non-docker (legacy) contexts, there could be a setting to specify the secrets directory (a “secrets location” app-specific setting, maybe).

I originally brought this up here:
https://lucee.daemonite.io/t/how-do-we-make-configuring-lucee-rock/193/12

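The startup loop proposed in the post above, written as application-level CFML. This is an added example, not part of the original post and not Lucee's own code: `loadSecrets()`, its arguments and the `SECRETS_DIR` environment variable are hypothetical names, and the result is kept in an ordinary struct rather than in `server.system`.

```cfml
<cfscript>
// Added example: read every file in a secrets directory into a struct,
// keyed by file name. loadSecrets() is a hypothetical helper name.
struct function loadSecrets( string secretsDir = "/run/secrets", numeric maxBytes = 65536 ) {
    var secrets = {};

    // No secrets mounted (e.g. local development): return an empty struct.
    if ( !directoryExists( arguments.secretsDir ) ) {
        return secrets;
    }

    // listInfo="query" returns name and size per entry; type="file" skips subdirectories.
    var entries = directoryList( arguments.secretsDir, false, "query", "", "name asc", "file" );

    for ( var entry in entries ) {
        // Accept only names that are safe as struct keys; this also skips dotfiles.
        if ( !reFind( "^[A-Za-z_][A-Za-z0-9_]*$", entry.name ) ) {
            continue;
        }
        // Ignore unexpectedly large files instead of reading them into memory.
        if ( entry.size > arguments.maxBytes ) {
            continue;
        }
        var value = fileRead( arguments.secretsDir & "/" & entry.name, "utf-8" );
        // Secret files often end with a newline added by the tool that wrote them; drop one.
        secrets[ entry.name ] = reReplace( value, "\r?\n$", "" );
    }
    return secrets;
}

// The "secrets location" setting for non-Docker hosts, read here from a
// hypothetical SECRETS_DIR environment variable with the Docker path as default.
secretsDir = server.system.environment[ "SECRETS_DIR" ] ?: "/run/secrets";
secret     = loadSecrets( secretsDir );

// Log key names only, never the values.
writeOutput( "Loaded secrets: " & structKeyList( secret ) );
</cfscript>
```

With the post's example file in place, `secret.my_db_password` holds the contents of `/run/secrets/my_db_password`.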