What are your thoughts on having native support for secrets?
Docker has the idea of “secrets” (sensitive values that shouldn’t be passed as environment variables). A secret, say
my_db_password, appears in a container as a file:
There’s already precedent for
server.system.environment, so how about a key like
On startup, the secrets directory’s files would get looped, each file name would be added to the struct as a key (e.g.,
server.system.secret.my_db_password), which would be set to the value of the file’s contents.
To accommodate for non-docker (legacy) contexts, there could be a setting to specify the secrets directory (a “secrets location” app-specific setting, maybe).
I originally brought this up here:
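The startup loop proposed above, sketched as an added example that is not part of the original post and not code from any project: it maps each file name in a configurable secrets directory to that file's contents. The `load_secrets` and `demo` names, the size cap, the trailing-newline stripping, and the skipping of dotfiles and symlinks are assumptions of this sketch; `/run/secrets` is Docker's default mount point for secrets.

```python
import os
import tempfile


def load_secrets(secrets_dir="/run/secrets", max_bytes=64 * 1024):
    """Map each regular file directly inside secrets_dir to its contents."""
    secrets = {}
    try:
        with os.scandir(secrets_dir) as it:
            entries = sorted(it, key=lambda e: e.name)
    except (FileNotFoundError, NotADirectoryError):
        return secrets  # no secrets directory on this host: empty struct
    for entry in entries:
        # Skip dotfiles and anything that is not a plain file. Symlinks are
        # not followed, so a link cannot pull in a file from outside the dir.
        if entry.name.startswith(".") or not entry.is_file(follow_symlinks=False):
            continue
        if entry.stat(follow_symlinks=False).st_size > max_bytes:
            continue  # assumption: oversized files are not secrets
        try:
            with open(entry.path, "r", encoding="utf-8") as fh:
                value = fh.read()
        except (OSError, UnicodeDecodeError):
            continue  # unreadable or binary: skip rather than fail startup
        secrets[entry.name] = value.rstrip("\r\n")  # assumption: drop trailing newline
    return secrets


def demo():
    """Build a constructed secrets directory and load it."""
    with tempfile.TemporaryDirectory() as root:
        outside = os.path.join(root, "outside.txt")
        secrets_dir = os.path.join(root, "secrets")
        os.mkdir(secrets_dir)
        os.mkdir(os.path.join(secrets_dir, "subdir"))
        with open(outside, "w", encoding="utf-8") as fh:
            fh.write("not-a-secret")
        with open(os.path.join(secrets_dir, "my_db_password"), "w", encoding="utf-8") as fh:
            fh.write("constructed-value\n")
        with open(os.path.join(secrets_dir, ".hidden"), "w", encoding="utf-8") as fh:
            fh.write("ignored")
        os.symlink(outside, os.path.join(secrets_dir, "linked"))
        return load_secrets(secrets_dir)


if __name__ == "__main__":
    print(sorted(demo()))
```

Only the key names are printed, so running the demo never writes a secret value to a log. Platforms that expose secrets as symlinks inside the directory would need the symlink check relaxed to links that resolve within the same directory.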