- Extract fetch_setting/1 in Settings (4 callsites → 1 repo lookup) - Replace hardcoded load_stripe_config with registry-driven load_all - Adding new secrets is now a one-line @secret_registry entry - Mark DRY refactor plan as complete (all 8 items done) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
defmodule SimpleshopTheme.Secrets do
  @moduledoc """
  Copies secrets held in the database into Application env at runtime.

  Values are written encrypted to the settings table through `Settings.put_secret/2`
  and published to the owning application's config on startup. All credentials
  therefore travel with the portable SQLite database, encrypted via the Vault module.

  `SECRET_KEY_BASE` is the only external dependency (used to derive encryption keys).

  The encryption covers the values at rest. Whatever `Settings.get_secret/1` returns
  is stored as-is in Application env, which any code running in the VM can read.
  """

  alias SimpleshopTheme.Settings

  require Logger

  # One row per secret: {settings_key, app, env_key}. Registering a new secret
  # means adding a row here; nothing else in this module needs to change.
  @secret_registry [
    {"stripe_api_key", :stripity_stripe, :api_key},
    {"stripe_signing_secret", :stripity_stripe, :signing_secret}
  ]

  @doc """
  Publishes every registered secret from the database to Application env.

  Invoked at startup from the supervision tree, once the Repo is ready.
  Registry entries with no stored value are skipped. Always returns `:ok`.
  """
  @spec load_all() :: :ok
  def load_all do
    Enum.each(@secret_registry, &load_secret/1)
    :ok
  end

  # Looks up one registry entry and hands the result to publish/4.
  defp load_secret({settings_key, app, env_key}) do
    settings_key
    |> Settings.get_secret()
    |> publish(settings_key, app, env_key)
  end

  # nil is treated as "not configured" and skipped without a log line.
  # NOTE(review): it is not visible from this module whether Settings.get_secret/1
  # also returns nil when decryption fails. Confirm, because that case would leave
  # the application running without the credential and with nothing in the logs.
  defp publish(nil, _settings_key, _app, _env_key), do: :skip

  defp publish(value, settings_key, app, env_key) do
    Application.put_env(app, env_key, value)

    # Only the settings key is logged; the secret value must never be interpolated here.
    Logger.debug("Loaded #{settings_key} from database")
  end
end