Encrypted Secrets


I’ve de-railed (or rather de-activesupported) some of my gems in favor of dry-rb and I’m very happy ever since. However, I’m not sure how best to deal with secrets. Keeping encrypted secrets in the repo comes in very handy for CI or deployment to Kube etc. So far, I’m using require 'active_support/encrypted_configuration' for this, but I’d really like to kiss it goodbye.

It’s not very hard to code something similar in PORO, but I guess I’m not the only one dealing with a bunchload of secrets in dry-land. How do you manage this? Or how does Hanami 2 manage this?

In case there’s no infrastructure for this yet, how about something like dry-secrets?


This feels like more of a job for ROM, take a look at this comment thread for inspiration.