jamey/simpleshop_theme
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
eede9bb517
simpleshop_theme/lib/simpleshop_theme/secrets.ex
jamey eede9bb517 feat: add encrypted settings, guided Stripe setup, and admin credentials page 
Store API keys and secrets encrypted in the SQLite database via the
existing Vault module (AES-256-GCM). The only external dependency is
SECRET_KEY_BASE — everything else lives in the portable DB file.

- Add encrypted_value column to settings table with new "encrypted" type
- Add put_secret/get_secret/delete_setting/secret_hint to Settings context
- Add Secrets module to load encrypted config into Application env at startup
- Add Stripe.Setup module with connect/disconnect/verify_api_key flow
  - Auto-creates webhook endpoints via Stripe API in production
  - Detects localhost and shows Stripe CLI instructions for dev
- Add admin credentials page at /admin/settings with guided setup:
  - Not configured: single Secret key input with dashboard link
  - Connected (production): status display, webhook info, disconnect
  - Connected (dev): Stripe CLI instructions, manual signing secret input
- Remove Stripe env vars from dev.exs and runtime.exs
- Fix CSSCache test startup crash (handle_continue instead of init)
- Add nav link for Credentials page

507 tests, 0 failures.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-07 17:12:53 +00:00

45 lines
1.3 KiB
Elixir
Raw Blame History

defmodule SimpleshopTheme.Secrets do
@moduledoc """
Loads encrypted secrets from the database into Application env at runtime.
Secrets are stored encrypted in the settings table via `Settings.put_secret/2`
and loaded into the appropriate Application config on startup. This keeps all
credentials in the portable SQLite database, encrypted via the Vault module.
The only external dependency is `SECRET_KEY_BASE` (used to derive encryption keys).
"""
alias SimpleshopTheme.Settings
require Logger
@doc """
Loads all secrets from the database into Application env.
Called at startup from the supervision tree, after the Repo is ready.
"""
def load_all do
load_stripe_config()
end
@doc """
Loads Stripe credentials from encrypted settings into Application env.
"""
def load_stripe_config do
api_key = Settings.get_secret("stripe_api_key")
signing_secret = Settings.get_secret("stripe_signing_secret")
if api_key do
Application.put_env(:stripity_stripe, :api_key, api_key)
Logger.debug("Stripe API key loaded from database")
end
if signing_secret do
Application.put_env(:stripity_stripe, :signing_secret, signing_secret)
Logger.debug("Stripe webhook secret loaded from database")
end
:ok
end
end
Reference in New Issue View Git Blame Copy Permalink