SecretsWatcher

Elixir CI

An Elixir library to watch secrets changes in a given directory.

Installation

def deps do
  [
    {:secrets_watcher, "~> 0.5"}
  ]
end

Usage

Establish the list of secrets you want to watch in a directory:
```
      secrets =
      [
        "aws-credentials.json",
        {"secret.txt", fn wrapped_secret-> do_something_with_secret(wrapped_secret) end}
      ]
```
ℹ️ Note that you actually use the filename of the secret to watch in a directory.
ℹ️ The form {"secret_filename", callback} registers a callback to be called each time a secret has changed on disk.

Configure and add secrets_watcher to your supervision tree:

  children =
    [
      {SecretsWatcher,
       [
         name: :secrets,
         secrets_watcher_config: [directory: path_to_secrets_directory, secrets: secrets]
       ]}
    ]

  opts = [strategy: :one_for_one, name: MyApp.Supervisor]
  Supervisor.start_link(children, opts)

ℹ️ If you don’t specify the :name option, SecretsWatcher will be used by default.

Whenever you want to retrieve a secret, use SecretsWatcher.get_wrapped_secret/2:

  {:ok, wrapped_credentials} =
    SecretsWatcher.get_wrapped_secret(:secrets, "aws-credentials.json")

  secret = wrapped_credentials.()