phoenix-ecto-encryption-example

Environment variables loading with escaped quotes

Open monting opened this issue 5 years ago • 5 comments

Firstly, thank you so much for this amazing resource!

Onto the issue. When I insert this code:

https://github.com/dwyl/phoenix-ecto-encryption-example/blob/6d79f2595045ad74f9692390a39ed37f70a309d3/config/config.exs#L30-L42

and have (double/single) quotes around the values in the .env file, the environment variables are loaded with the quotes.

For example, in the .env file:

export SOME_ENV_VAR="randomString"

results in:

iex(3)> System.get_env("SOME_ENV_VAR")
"\"randomString\""

I'm not entirely sure why there's code to load the environment variables like this. Why not just do the standard source .env?

monting, May 30 '19 05:05

@monting I think that you are having this issue because of the double quotes you have used in your .env file...

export SOME_ENV_VAR="randomString"

should be...

export SOME_ENV_VAR=randomString

Try this out and let me know if this works for you.

To answer your question about the code to load the environment variables: I didn't write this tutorial/example, but I think that it was added so that people do not have to remember to type source .env into their terminal every time that they add a variable. It reduces the chance of human error (and removes repetition).

RobStallion, May 30 '19 08:05

@RobStallion thanks for your response! Appreciate it.

It is indeed because I'm quoting my shell variable exports. I'd say this is accepted, even recommended practice, so there are readers that will encounter this. Quoting is safer - necessary if you have whitespace, easier to see that there is no trailing whitespace, ...

Furthermore, there's an instance here: https://github.com/dwyl/phoenix-ecto-encryption-example/blob/master/.env_sample#L2

where the quotes are later getting stripped out here: https://github.com/dwyl/phoenix-ecto-encryption-example/blob/6d79f2595045ad74f9692390a39ed37f70a309d3/config/config.exs#L45-L49

This makes quoting inconsistent in the .env file, and one would need to remember not to quote other variables.

I'd say that this is too much env var fiddling, for just being able to load env vars automatically, which is something that seems to be out of scope for the topic of this fantastic readme.

monting, May 30 '19 14:05

@RobStallion thanks for responding, agreed. ✅ @monting the only reason for this was we couldn't figure out how to have multiple encryption keys ... which was a requirement our infosec person demanded when we were putting together this README.md (in case it wasn't clear, this was a spike we were doing to prove to a fintech co that it was possible to do transparent encryption...). Indeed the single quotes are being removed in the pipeline. We agree that this is not an ideal way of having multiple encryption keys. But this example was not meant to be perfect, just a "Proof of Concept".

If you have time to improve it, please create a PR. 👍

nelsonic, May 30 '19 16:05

@nelsonic thanks for the response, and your work on this has been a godsend 👏

I can see the reasoning behind the multiple encryption keys. I was more arguing against the code that autoloads env variables in .env: https://github.com/dwyl/phoenix-ecto-encryption-example/blob/6d79f2595045ad74f9692390a39ed37f70a309d3/config/config.exs#L30-L42

Will send PR for improvement.

monting, May 30 '19 17:05

@monting I figured that if I was going to split the encryption keys, I might as well write a tiny function to load all the environment variables from the .env file. It's a rudimentary Elixir version of https://github.com/dwyl/env2 which we used everywhere.

nelsonic, May 30 '19 18:05
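
Added example, not code from this repository or from anyone in the thread: a small Elixir .env parser that strips one pair of matching surrounding quotes, so `export SOME_ENV_VAR="randomString"` and `export SOME_ENV_VAR=randomString` load the same value, which matters when the value is an encryption key. The module name `DotenvExample` and the sample input are constructed; shell escapes and inline comments after a value are assumed absent and are not handled.

```elixir
defmodule DotenvExample do
  @moduledoc "Added example, hypothetical module: .env parsing that unquotes values."

  # Parse a whole .env body into a map of variable name => value.
  def parse(body) do
    for line <- String.split(body, ~r/\r?\n/),
        {:ok, {key, value}} <- [parse_line(line)],
        into: %{},
        do: {key, value}
  end

  # {:ok, {key, value}} for an assignment; :skip for blanks, comments, bad names.
  def parse_line(line) do
    line = String.trim(line)

    with false <- line == "" or String.starts_with?(line, "#"),
         [key, value] <- line |> strip_export() |> String.split("=", parts: 2),
         key = String.trim(key),
         true <- key =~ ~r/^[A-Za-z_][A-Za-z0-9_]*$/ do
      {:ok, {key, unquote_value(String.trim(value))}}
    else
      _ -> :skip
    end
  end

  # Read the file and export every pair; raises if the file is missing.
  def load(path \\ ".env") do
    path |> File.read!() |> parse() |> System.put_env()
  end

  defp strip_export("export " <> rest), do: String.trim_leading(rest)
  defp strip_export(line), do: line

  # Remove exactly one pair of matching quotes; a lone or mismatched quote is kept.
  defp unquote_value(<<q, rest::binary>> = value) when q in [?", ?'] and byte_size(rest) >= 1 do
    if :binary.last(rest) == q, do: binary_part(rest, 0, byte_size(rest) - 1), else: value
  end

  defp unquote_value(value), do: value
end

# Constructed sample input, not the project's .env_sample.
sample = """
export SOME_ENV_VAR="randomString"
export PLAIN=randomString
export WITH_SPACE='two words'
# a comment line
"""

sample |> DotenvExample.parse() |> IO.inspect()
```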