Secrets
This plugin manages secrets on Shuttle.
Usage
Add shuttle-secrets
to the dependencies for your service, and add a Secrets.toml
to the root of your project
with the secrets you’d like to store. Make sure to add Secrets*.toml
to a .gitignore
to omit your secrets from version control.
The format of the Secrets.toml file is a key-value mapping with string values.
MY_API_KEY = 'the contents of my API key'
MY_OTHER_SECRET = 'some other secret'
Next, pass #[shuttle_secrets::Secrets] secret_store: SecretStore
as an argument to your shuttle_runtime::main
function.
SecretStore::get
can now be called to retrieve your API keys and other secrets at runtime.
Local secrets
When developing locally with cargo shuttle run
, you can use a different set of secrets. If you add a Secrets.dev.toml
to the
root of your project, these secrets will be used for local runs. The Secrets.dev.toml
file will only be used for local runs.
If you don’t have a Secrets.dev.toml
file, Secrets.toml
will be used locally as well as for deployments. If you want to have
both secret files with some of the same secrets for both local runs and deployments, you have to duplicate the secret across both
files.
Example
This snippet shows a Shuttle rocket main function that uses the shuttle_secrets::Secrets
attribute to gain access to a SecretStore
.
#[shuttle_runtime::main]
async fn rocket(
#[shuttle_secrets::Secrets] secret_store: SecretStore,
) -> ShuttleRocket {
// get secret defined in `Secrets.toml` file.
let secret = if let Some(secret) = secret_store.get("MY_API_KEY") {
secret
} else {
return Err(anyhow!("secret was not found").into());
};
let state = MyState { secret };
let rocket = rocket::build().mount("/", routes![secret]).manage(state);
Ok(rocket.into())
}
The full example can be found on GitHub
Caveats
- Some libraries read from their own config files or environment variables,
with no way of providing them in code. Sometimes, this can be solved by
manually setting the variable after loading the secret (and before loading the library):
std::env::set_var("SOME_ENV_VAR", my_secret);
Was this page helpful?